Windows Analysis Report
fNlxQP0jBz.exe

Overview

General Information

Sample name: fNlxQP0jBz.exe
renamed because original name is a hash value
Original sample name: 687bbf73e7b900ff5d46c6c2d23c6a40.exe
Analysis ID: 1576055
MD5: 687bbf73e7b900ff5d46c6c2d23c6a40
SHA1: 3525c527942817869fb00ee2a8aa88e78a331f3a
SHA256: 18defb28d0c93edff52a2be5d4317dad26358a689671beda075a36db021f5525
Tags: exe, user-abuse_ch

Detection

Credential Flusher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • fNlxQP0jBz.exe (PID: 2836 cmdline: "C:\Users\user\Desktop\fNlxQP0jBz.exe" MD5: 687BBF73E7B900FF5D46C6C2D23C6A40)
    • taskkill.exe (PID: 6368 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6148 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 2876 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 2636 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7096 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 5268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6196 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6224 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 7056 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 1784 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 2300 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 3364 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2188 -parentBuildID 20230927232528 -prefsHandle 2108 -prefMapHandle 2100 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12907ec4-232e-4d05-b7ce-d91f899773f5} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" 1d9a636ed10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7540 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2976 -parentBuildID 20230927232528 -prefsHandle 2704 -prefMapHandle 2700 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f38d267-c9b2-44d4-9744-10d37a4fa31f} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" 1d9b6f50a10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8060 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5064 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5012 -prefMapHandle 5000 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f627ac23-b8c5-4c14-adf9-e863221972c9} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" 1d9b8573110 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source: Process Memory Space: fNlxQP0jBz.exe PID: 2836
Rule: JoeSecurity_CredentialFlusher
Description: Yara detected Credential Flusher
Author: Joe Security
    No Sigma rule has matched
    No Suricata rule has matched


    AV Detection

    Source: fNlxQP0jBz.exe; Avira: detected
    Source: fNlxQP0jBz.exe; ReversingLabs: Detection: 34%
    Source: Submitted Sample; Integrated Neural Analysis Model: Matched 99.8% probability
    Source: fNlxQP0jBz.exe; Joe Sandbox ML: detected
    Source: fNlxQP0jBz.exe; Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe; Code function: 0_2_0042DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0042DBBE
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe; Code function: 0_2_003FC2A2 FindFirstFileExW,0_2_003FC2A2
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe; Code function: 0_2_004368EE FindFirstFileW,FindClose,0_2_004368EE
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe; Code function: 0_2_0043698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0043698F
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe; Code function: 0_2_0042D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0042D076
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe; Code function: 0_2_0042D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0042D3A9
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe; Code function: 0_2_00439642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00439642
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe; Code function: 0_2_0043979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0043979D
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe; Code function: 0_2_00439B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00439B2B
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe; Code function: 0_2_00435C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00435C97
    Source: firefox.exe; Memory has grown: Private usage: 1MB later: 226MB
    Source: unknown; Network traffic detected: DNS query count 31
    Source: Joe Sandbox View; IP Address: 34.149.100.209
    Source: Joe Sandbox View; IP Address: 151.101.129.91
    Source: Joe Sandbox View; IP Address: 34.117.188.166
    Source: Joe Sandbox View; JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_0043CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0043CE44
    Source: global traffic | HTTP traffic detected: GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
    Source: global traffic | HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
    Source: firefox.exe, 0000000E.00000003.2363672248.000019511ED03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: '*://www.facebook.com/*Z equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2363672248.000019511ED03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2363672248.000019511ED03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/*Z equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2363672248.000019511ED03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2363672248.000019511ED03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.youtube.com/*Z equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2287953258.000001D9C252D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2294302514.000001D9C257C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2365856334.000001D9C2582000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287953258.000001D9C256F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2279585540.000001D9BE8F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2306725078.000001D9BE8F7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2162409313.000001D9BE5A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2243163966.000001D9BE5A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296886406.000001D9BE8B6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2162409313.000001D9BE5A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2243163966.000001D9BE5A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2279585540.000001D9BE8F7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2338397221.000001D9B7AA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287953258.000001D9C252D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2301499841.000001D9B87CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2294302514.000001D9C257C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2365856334.000001D9C2582000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287953258.000001D9C256F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2317513799.000001D9B7949000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2317513799.000001D9B7949000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2162409313.000001D9BE5A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2243163966.000001D9BE5A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2166474248.000001D9B7B68000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2363672248.000019511ED03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/Z equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2162409313.000001D9BE5A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2243163966.000001D9BE5A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2279585540.000001D9BE8F7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2329497706.000001D9BE25F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2298736637.000001D9BE247000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2329497706.000001D9BE25F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2298736637.000001D9BE247000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2329497706.000001D9BE25F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2298736637.000001D9BE247000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000012.00000002.3948246866.0000022EB0A0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/nj` equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000012.00000002.3948246866.0000022EB0A0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/nj` equals www.twitter.com (Twitter)
    Source: firefox.exe, 00000012.00000002.3948246866.0000022EB0A0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/nj` equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2363672248.000019511ED03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/Z equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2305290419.000001D9C256F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2322736131.000001D9C2570000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287953258.000001D9C256F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: moz-extension://bfdd6cf3-6cd6-4fa2-bc72-2c3d2e7d20f8/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2338397221.000001D9B7AA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287953258.000001D9C252D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2301499841.000001D9B87CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2363672248.000019511ED03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2363564031.000026415DB04000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.facebook.comZ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2294302514.000001D9C257C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2365856334.000001D9C2582000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287953258.000001D9C256F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2327220012.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409175698.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296436798.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2363672248.000019511ED03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.comZ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2338397221.000001D9B7AA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2338397221.000001D9B7A70000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2366775552.000001D9B81AD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: global traffic | DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: youtube.com
    Source: global traffic | DNS traffic detected: DNS query: detectportal.firefox.com
    Source: global traffic | DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: contile.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: spocs.getpocket.com
    Source: global traffic | DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: example.org
    Source: global traffic | DNS traffic detected: DNS query: ipv4only.arpa
    Source: global traffic | DNS traffic detected: DNS query: shavar.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: push.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: support.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: www.youtube.com
    Source: global traffic | DNS traffic detected: DNS query: www.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: www.wikipedia.org
    Source: global traffic | DNS traffic detected: DNS query: dyna.wikimedia.org
    Source: global traffic | DNS traffic detected: DNS query: youtube-ui.l.google.com
    Source: global traffic | DNS traffic detected: DNS query: star-mini.c10r.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: www.reddit.com
    Source: global traffic | DNS traffic detected: DNS query: twitter.com
    Source: global traffic | DNS traffic detected: DNS query: reddit.map.fastly.net
    Source: global traffic | DNS traffic detected: DNS query: services.addons.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: normandy.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6E90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2329810170.000001D9BE1A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:
    Source: firefox.exe, 0000000E.00000003.2328726061.000001D9BE899000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296886406.000001D9BE899000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
    Source: firefox.exe, 0000000E.00000003.2328726061.000001D9BE899000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296886406.000001D9BE899000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
    Source: firefox.exe, 0000000E.00000003.2328726061.000001D9BE899000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296886406.000001D9BE899000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
    Source: firefox.exe, 0000000E.00000003.2328726061.000001D9BE899000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296886406.000001D9BE899000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
    Source: firefox.exe, 0000000E.00000003.2238251542.000001D9B36C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2201898632.000001D9B36D1000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240219505.000001D9B36C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236066929.000001D9B36A7000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: firefox.exe, 0000000E.00000003.2238251542.000001D9B36C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240219505.000001D9B36C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236066929.000001D9B36A7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: firefox.exe, 0000000E.00000003.2143256742.000001D9B63DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261863443.000001D9B63EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191810383.000001D9B63DE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%s
    Source: firefox.exe, 0000000E.00000003.2322022798.000001D9B5FBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
    Source: firefox.exe, 0000000E.00000003.2227685767.000001D9B373F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoft
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: firefox.exe, 0000000E.00000003.2238251542.000001D9B36C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2201898632.000001D9B36D1000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240219505.000001D9B36C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236066929.000001D9B36A7000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: firefox.exe, 0000000E.00000003.2238251542.000001D9B36C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240219505.000001D9B36C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236066929.000001D9B36A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: firefox.exe, 0000000E.00000003.2238251542.000001D9B36C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2201898632.000001D9B36D1000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240219505.000001D9B36C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236066929.000001D9B36A7000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: firefox.exe, 0000000E.00000003.2287953258.000001D9C254B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
    Source: firefox.exe, 0000000E.00000003.2287953258.000001D9C2587000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
    Source: firefox.exe, 0000000E.00000003.2242120900.000001D9C205F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
    Source: firefox.exe, 0000000E.00000003.2277966571.000001D9C2E4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
    Source: firefox.exe, 0000000E.00000003.2277966571.000001D9C2E4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
    Source: firefox.exe, 0000000E.00000003.2320629135.000001D9B6B3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
    Source: firefox.exe, 0000000E.00000003.2320629135.000001D9B6B3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
    Source: firefox.exe, 0000000E.00000003.2412273369.000001D9B803E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-04/schema#
    Source: firefox.exe, 0000000E.00000003.2412273369.000001D9B803E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-06/schema#
    Source: firefox.exe, 0000000E.00000003.2412273369.000001D9B803E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-07/schema#-
    Source: firefox.exe, 0000000E.00000003.2252152480.000001D9B78D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2412273369.000001D9B803E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2238245550.000001D9B78D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2190144533.000001D9B78D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org
    Source: firefox.exe, 0000000E.00000003.2364163993.00003480D7003000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2412273369.000001D9B803E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/
    Source: firefox.exe, 0000000E.00000003.2239388500.000001D9B884E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2265395012.000001D9B5BFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2251149369.000001D9BE495000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2248458900.000001D9B9D10000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2308191145.000001D9B3967000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236859598.000001D9B86E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2237527024.000001D9B86DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2248203462.000001D9B899C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2163540159.000001D9BE3E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240583102.000001D9B8985000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2356970808.000001D9B7FC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2322241227.000001D9B383C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2235521475.000001D9B82C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2164565298.000001D9B8EA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2181513294.000001D9B833B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2299903516.000001D9B8E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2315156121.000001D9BE2D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2263982444.000001D9B7FC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2321884501.000001D9B6894000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2369361443.000001D9B6AB4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2321467567.000001D9B6A5E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org/MPL/2.0/.
    Source: firefox.exe, 0000000E.00000003.2364407258.00000F5C60B03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org/Z
    Source: firefox.exe, 0000000E.00000003.2238251542.000001D9B36C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2201898632.000001D9B36D1000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240219505.000001D9B36C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236066929.000001D9B36A7000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ocsp.digicert.com0C
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ocsp.digicert.com0N
    Source: firefox.exe, 0000000E.00000003.2238251542.000001D9B36C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240219505.000001D9B36C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236066929.000001D9B36A7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0X
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ocsp.thawte.com0
    Source: firefox.exe, 0000000E.00000003.2143256742.000001D9B63DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261863443.000001D9B63EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191810383.000001D9B63DE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
    Source: firefox.exe, 0000000E.00000003.2322022798.000001D9B5FBF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
    Source: firefox.exe, 0000000E.00000003.2245535993.000001D9BE34D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.i.lencr.org/0
    Source: firefox.exe, 0000000E.00000003.2163855997.000001D9BE34D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245535993.000001D9BE34D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.i.lencr.org/0W
    Source: firefox.exe, 0000000E.00000003.2163855997.000001D9BE34D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245535993.000001D9BE34D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.o.lencr.org0
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: firefox.exe, 0000000E.00000003.2143256742.000001D9B63DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261863443.000001D9B63EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191810383.000001D9B63DE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 0000000E.00000003.2322022798.000001D9B5FBF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
    Source: firefox.exe, 0000000E.00000003.2143256742.000001D9B63DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261863443.000001D9B63EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191810383.000001D9B63DE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
    Source: firefox.exe, 0000000E.00000003.2322022798.000001D9B5FBF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://www.mozilla.com0
    Source: firefox.exe, 0000000E.00000003.2328726061.000001D9BE899000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296886406.000001D9BE899000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/2006/browser/search/
    Source: firefox.exe, 0000000E.00000003.2281990573.000001D9B8B66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2369595472.000001D9B6A5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2281845367.000001D9B8BA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323134692.000001D9C247E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
    Source: firefox.exe, 0000000E.00000003.2281845367.000001D9B8BA3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul8
    Source: firefox.exe, 00000011.00000003.2161120768.00000232515FD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2160592699.00000232515FD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3952195571.00000232515FD000.00000004.00000020.00020000.00000000.sdmp, mozilla-temp-41.14.dr | String found in binary or memory: http://www.videolan.org/x264.html
    Source: firefox.exe, 0000000E.00000003.2248458900.000001D9B9D41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2163855997.000001D9BE34D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245535993.000001D9BE34D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
    Source: firefox.exe, 0000000E.00000003.2248458900.000001D9B9D41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2163855997.000001D9BE34D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245535993.000001D9BE34D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
    Source: firefox.exe, 0000000E.00000003.2296886406.000001D9BE8C0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://MD8.mozilla.org/1/m
    Source: firefox.exe, 0000000E.00000003.2138395460.000001D9B3982000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2137946912.000001D9B391E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2138113551.000001D9B393F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2138263322.000001D9B3961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2137624107.000001D9B6400000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.duckduckgo.com/ac/
    Source: firefox.exe, 0000000E.00000003.2247617804.000001D9B9D90000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://account.bellmedia.c
    Source: firefox.exe, 0000000E.00000003.2330998374.000001D9C1FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2278489555.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295436837.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com
    Source: firefox.exe, 0000000E.00000003.2312379160.000001D9BE5A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/settings/clients
    Source: firefox.exe, 0000000E.00000003.2165469727.000001D9B8DD4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2193449749.000001D9B6371000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000E.00000003.2322022798.000001D9B5FD6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2281404636.000001D9B91C0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 0000000E.00000003.2327220012.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409175698.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296436798.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
    Source: firefox.exe, 0000000E.00000003.2327220012.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409175698.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296436798.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
    Source: firefox.exe, 0000000E.00000003.2327220012.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409175698.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296436798.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
    Source: firefox.exe, 0000000E.00000003.2327220012.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409175698.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296436798.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
    Source: firefox.exe, 0000000E.00000003.2327220012.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409175698.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296436798.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
    Source: firefox.exe, 0000000E.00000003.2323134692.000001D9C2465000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
    Source: firefox.exe, 0000000E.00000003.2338397221.000001D9B7AA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2338397221.000001D9B7A70000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2301499841.000001D9B87CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2282131241.000001D9B87C0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 0000000E.00000003.2165980600.000001D9BE671000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2336194470.000001D9B8DB4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://allegro.pl/
    Source: firefox.exe, 0000000E.00000003.2363672248.000019511ED03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://amazon.com
    Source: firefox.exe, 0000000E.00000003.2363672248.000019511ED03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://amazon.comZ
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 0000000E.00000003.2409126268.000001D9BEBB7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 0000000E.00000003.2409126268.000001D9BEBB7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 0000000E.00000003.2278991677.000001D9C1CD3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 0000000E.00000003.2336306190.000001D9B8DA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2329810170.000001D9BE1A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 00000010.00000002.3948401132.0000025AF2EE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3947875976.00000232508E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3951041083.0000022EB0D03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr | String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
    Source: firefox.exe, 00000010.00000002.3948401132.0000025AF2EE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3947875976.00000232508E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3951041083.0000022EB0D03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr | String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
    Source: firefox.exe, 0000000E.00000003.2296436798.000001D9BEB5B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 0000000E.00000003.2191417000.000001D9B8A39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191655639.000001D9B8A3E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
    Source: firefox.exe, 0000000E.00000003.2191417000.000001D9B8A39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191655639.000001D9B8A3E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
    Source: firefox.exe, 0000000E.00000003.2190688821.000001D9B8AF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191273422.000001D9B8AD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191417000.000001D9B8A39000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 0000000E.00000003.2191273422.000001D9B8AD2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 0000000E.00000003.2191417000.000001D9B8A39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191655639.000001D9B8A3E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
    Source: firefox.exe, 0000000E.00000003.2297873290.000001D9BE322000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2163855997.000001D9BE322000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
    Source: firefox.exe, 0000000E.00000003.2297873290.000001D9BE322000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2163855997.000001D9BE322000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
    Source: firefox.exe, 0000000E.00000003.2297873290.000001D9BE322000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2163855997.000001D9BE322000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
    Source: firefox.exe, 0000000E.00000003.2297873290.000001D9BE322000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2163855997.000001D9BE322000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
    Source: firefox.exe, 0000000E.00000003.2191273422.000001D9B8AD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191417000.000001D9B8A39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191655639.000001D9B8A3E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 0000000E.00000003.2191417000.000001D9B8A39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191655639.000001D9B8A3E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 0000000E.00000003.2191273422.000001D9B8AD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191417000.000001D9B8A39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 0000000E.00000003.2190688821.000001D9B8AF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191273422.000001D9B8AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000E.00000003.2138395460.000001D9B3982000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2137946912.000001D9B391E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2138113551.000001D9B393F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2138263322.000001D9B3961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2137624107.000001D9B6400000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000E.00000003.2328173360.000001D9BE8B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 00000010.00000002.3948401132.0000025AF2EE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3947875976.00000232508E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3951041083.0000022EB0D03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 00000010.00000002.3948401132.0000025AF2EE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3947875976.00000232508E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3951041083.0000022EB0D03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
    Source: firefox.exe, 0000000E.00000003.2243163966.000001D9BE5A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2329026341.000001D9BE5B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2312379160.000001D9BE5A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2312379160.000001D9BE5A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2367423226.000001D9B7054000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 0000000E.00000003.2251149369.000001D9BE43A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2159241836.000001D9BE440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160872350.000001D9BE43F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000E.00000003.2299361542.000001D9B91EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313517162.000001D9B91EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2332942833.000001D9B91EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2281284593.000001D9B91E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000E.00000003.2320629135.000001D9B6B3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
    Source: firefox.exe, 0000000E.00000003.2320629135.000001D9B6B9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
    Source: firefox.exe, 0000000E.00000003.2320629135.000001D9B6B9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarning
    Source: firefox.exe, 0000000E.00000003.2320629135.000001D9B6B3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
    Source: firefox.exe, 0000000E.00000003.2320629135.000001D9B6B3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
    Source: firefox.exe, 0000000E.00000003.2235521475.000001D9B82C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 0000000E.00000003.2251149369.000001D9BE43A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160872350.000001D9BE43F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
    Source: firefox.exe, 0000000E.00000003.2251149369.000001D9BE43A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160872350.000001D9BE43F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
    Source: firefox.exe, 0000000E.00000003.2251149369.000001D9BE43A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2159241836.000001D9BE440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160872350.000001D9BE43F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 0000000E.00000003.2306725078.000001D9BE8F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2174533042.000001D9B83AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2137624107.000001D9B6400000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 0000000E.00000003.2166474248.000001D9B7B68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/y
    Source: firefox.exe, 0000000E.00000003.2143256742.000001D9B63DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261863443.000001D9B63EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2322022798.000001D9B5FBF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191810383.000001D9B63DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 0000000E.00000003.2322022798.000001D9B5FBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
    Source: firefox.exe, 0000000E.00000003.2322022798.000001D9B5FBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
    Source: firefox.exe, 0000000E.00000003.2322022798.000001D9B5FBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
    Source: firefox.exe, 0000000E.00000003.2320629135.000001D9B6B9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
    Source: firefox.exe, 00000012.00000002.3948246866.0000022EB0A13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 0000000E.00000003.2168764798.000001D9B7F88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2167620034.000001D9B7F5C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168938000.000001D9B7F57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 0000000E.00000003.2278991677.000001D9C1CD3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2310306746.000001D9C20F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2242120900.000001D9C202C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241915086.000001D9C20CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
    Source: firefox.exe, 0000000E.00000003.2322022798.000001D9B5FD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com
    Source: firefox.exe, 0000000E.00000003.2281284593.000001D9B91E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 00000012.00000002.3948246866.0000022EB0A13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 00000012.00000002.3948246866.0000022EB0AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 00000012.00000002.3948246866.0000022EB0AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 00000012.00000002.3948246866.0000022EB0A30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 0000000E.00000003.2329076922.000001D9BE585000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2162409313.000001D9BE585000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
    Source: firefox.exe, 0000000E.00000003.2329076922.000001D9BE585000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2162409313.000001D9BE585000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
    Source: firefox.exe, 0000000E.00000003.2329076922.000001D9BE585000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2162409313.000001D9BE585000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
    Source: firefox.exe, 0000000E.00000003.2329076922.000001D9BE585000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2162409313.000001D9BE585000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
    Source: firefox.exe, 0000000E.00000003.2329076922.000001D9BE585000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2162409313.000001D9BE585000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
    Source: firefox.exe, 0000000E.00000003.2329076922.000001D9BE585000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2162409313.000001D9BE585000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
    Source: firefox.exe, 0000000E.00000003.2329076922.000001D9BE585000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2162409313.000001D9BE585000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
    Source: firefox.exe, 00000012.00000002.3948246866.0000022EB0AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 0000000E.00000003.2306990169.000001D9BE2A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245709409.000001D9BE2A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 0000000E.00000003.2329076922.000001D9BE585000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2162409313.000001D9BE585000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
    Source: firefox.exe, 0000000E.00000003.2245120612.000001D9BE393000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
    Source: firefox.exe, 0000000E.00000003.2329076922.000001D9BE585000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2162409313.000001D9BE585000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
    Source: firefox.exe, 00000012.00000002.3948246866.0000022EB0AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 0000000E.00000003.2306990169.000001D9BE2A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245709409.000001D9BE2A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
    Source: firefox.exe, 0000000E.00000003.2306990169.000001D9BE2A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245709409.000001D9BE2A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
    Source: firefox.exe, 0000000E.00000003.2306990169.000001D9BE2A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245709409.000001D9BE2A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
    Source: firefox.exe, 0000000E.00000003.2251149369.000001D9BE43A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2159241836.000001D9BE440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160872350.000001D9BE43F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/3177
    Source: firefox.exe, 0000000E.00000003.2251149369.000001D9BE427000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2161165417.000001D9BE432000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160965267.000001D9BE428000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
    Source: firefox.exe, 0000000E.00000003.2251149369.000001D9BE427000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2161165417.000001D9BE432000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160965267.000001D9BE428000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
    Source: firefox.exe, 0000000E.00000003.2251149369.000001D9BE43A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160872350.000001D9BE43F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/issues/1266
    Source: firefox.exe, 0000000E.00000003.2251149369.000001D9BE43A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160872350.000001D9BE43F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
    Source: firefox.exe, 0000000E.00000003.2137946912.000001D9B391E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2138113551.000001D9B393F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2138263322.000001D9B3961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2137624107.000001D9B6400000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
    Source: firefox.exe, 0000000E.00000003.2297873290.000001D9BE322000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2163855997.000001D9BE322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
    Source: firefox.exe, 0000000E.00000003.2297873290.000001D9BE322000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2163855997.000001D9BE322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
    Source: firefox.exe, 0000000E.00000003.2306990169.000001D9BE2A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245709409.000001D9BE2A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/zertosh/loose-envify)
    Source: firefox.exe, 0000000E.00000003.2297873290.000001D9BE322000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2163855997.000001D9BE322000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gpuweb.github.io/gpuweb/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
    Source: firefox.exe, 0000000E.00000003.2364043725.00003A4C1E604000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
    Source: firefox.exe, 0000000E.00000003.2278489555.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295436837.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
    Source: firefox.exe, 0000000E.00000003.2304247331.000001D9B8594000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2337470745.000001D9B8598000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/relay
    Source: firefox.exe, 0000000E.00000003.2278489555.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295436837.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/H
    Source: firefox.exe, 0000000E.00000003.2278489555.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295436837.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/HCX
    Source: firefox.exe, 0000000E.00000003.2278489555.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295436837.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
    Source: firefox.exe, 0000000E.00000003.2278489555.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295436837.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
    Source: firefox.exe, 0000000E.00000003.2163540159.000001D9BE3A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2244789570.000001D9BE3A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
    Source: prefs-1.js.14.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
    Source: firefox.exe, 0000000E.00000003.2287704832.000001D9C2E0C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2329497706.000001D9BE25F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2298736637.000001D9BE247000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3947875976.00000232508BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3948246866.0000022EB0AF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
    Source: firefox.exe, 0000000E.00000003.2296436798.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/33070f1a-598d-4353-9457-a7ca4
    Source: firefox.exe, 0000000E.00000003.2327160280.000001D9BEBE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296436798.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/511f7f41-2b84-45a6-b97d-970b
    Source: firefox.exe, 0000000E.00000003.2287953258.000001D9C252D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323134692.000001D9C2444000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/0c2d8bb9-985e-47e1
    Source: firefox.exe, 0000000E.00000003.2316529775.000001D9B807F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/29756e4d-0fb7-4213
    Source: firefox.exe, 0000000E.00000003.2305371513.000001D9C1F43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287953258.000001D9C252D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295730708.000001D9C1F43000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/904baf96-478b-4a04
    Source: firefox.exe, 0000000E.00000003.2306990169.000001D9BE2A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245709409.000001D9BE2A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
    Source: firefox.exe, 0000000E.00000003.2251149369.000001D9BE43A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160872350.000001D9BE43F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://install.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2166474248.000001D9B7B68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2366945390.000001D9B7956000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2317333276.000001D9B7956000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://json-schema.org/draft/2019-09/schema
    Source: firefox.exe, 0000000E.00000003.2412273369.000001D9B803E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://json-schema.org/draft/2019-09/schema.
    Source: firefox.exe, 0000000E.00000003.2412273369.000001D9B803E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://json-schema.org/draft/2019-09/schema./
    Source: firefox.exe, 0000000E.00000003.2412273369.000001D9B803E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://json-schema.org/draft/2020-12/schema/
    Source: firefox.exe, 0000000E.00000003.2412273369.000001D9B803E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
    Source: firefox.exe, 0000000E.00000003.2251149369.000001D9BE43A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160872350.000001D9BE43F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
    Source: firefox.exe, 0000000E.00000003.2251149369.000001D9BE43A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160872350.000001D9BE43F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
    Source: firefox.exe, 0000000E.00000003.2251149369.000001D9BE43A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160872350.000001D9BE43F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
    Source: firefox.exe, 0000000E.00000003.2322241227.000001D9B3828000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://location.services.mozilla.com
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
    Source: firefox.exe, 0000000E.00000003.2322241227.000001D9B3828000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
    Source: firefox.exe, 0000000E.00000003.2247617804.000001D9B9D90000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com
    Source: firefox.exe, 0000000E.00000003.2247617804.000001D9B9D90000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com
    Source: firefox.exe, 0000000E.00000003.2323134692.000001D9C2465000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lookerstudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000E.00000003.2322022798.000001D9B5FBF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
    Source: firefox.exe, 0000000E.00000003.2143256742.000001D9B63DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261863443.000001D9B63EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2322022798.000001D9B5FBF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191810383.000001D9B63DE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mail.inbox.lv/compose?to=%s
    Source: firefox.exe, 0000000E.00000003.2322022798.000001D9B5FBF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mail.inbox.lv/compose?to=%sv
    Source: firefox.exe, 0000000E.00000003.2143256742.000001D9B63DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261863443.000001D9B63EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2322022798.000001D9B5FBF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191810383.000001D9B63DE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
    Source: firefox.exe, 0000000E.00000003.2322022798.000001D9B5FBF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
    Source: firefox.exe, 00000010.00000002.3948401132.0000025AF2E72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3947875976.0000023250886000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3948246866.0000022EB0A8F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://mitmdetection.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2281404636.000001D9B91C0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/about
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/breach-details/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/user/dashboard
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/user/preferences
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://oauth.accounts.firefox.com/v1
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ok.ru/
    Source: firefox.exe, 0000000E.00000003.2322022798.000001D9B5FBF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
    Source: firefox.exe, 0000000E.00000003.2143256742.000001D9B63DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261863443.000001D9B63EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2322022798.000001D9B5FBF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191810383.000001D9B63DE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
    Source: firefox.exe, 0000000E.00000003.2322022798.000001D9B5FBF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://profile.accounts.firefox.com/v1
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://profiler.firefox.com
    Source: firefox.exe, 0000000E.00000003.2336699371.000001D9B8D38000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://push.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2245709409.000001D9BE2A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
    Source: firefox.exe, 0000000E.00000003.2329810170.000001D9BE1A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://relay.firefox.com/api/v1/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
    Source: firefox.exe, 0000000E.00000003.2313805191.000001D9B8532000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
    Source: firefox.exe, 0000000E.00000003.2329810170.000001D9BE1A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
    Source: firefox.exe, 0000000E.00000003.2329810170.000001D9BE1A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
    Source: firefox.exe, 0000000E.00000003.2281404636.000001D9B91C0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://screenshots.firefox.com/
    Source: firefox.exe, 0000000E.00000003.2235521475.000001D9B82C5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
    Source: firefox.exe, 0000000E.00000003.2408684808.000001D9BEBC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2327220012.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296436798.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
    Source: firefox.exe, 0000000E.00000003.2326289754.000001D9C0880000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2316529775.000001D9B806E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 0000000E.00000003.2337470745.000001D9B8598000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2312379160.000001D9BE539000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
    Source: firefox.exe, 0000000E.00000003.2164565298.000001D9B8ED5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3947875976.0000023250812000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3948246866.0000022EB0A13000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/
    Source: firefox.exe, 00000012.00000002.3948246866.0000022EB0A13000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/CN=The
    Source: firefox.exe, 0000000E.00000003.2307115558.000001D9B85CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/spocs
    Source: firefox.exe, 0000000E.00000003.2329076922.000001D9BE585000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2162409313.000001D9BE585000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/spocs#
    Source: firefox.exe, 0000000E.00000003.2329076922.000001D9BE585000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2162409313.000001D9BE585000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/spocs#l
    Source: firefox.exe, 0000000E.00000003.2306990169.000001D9BE2A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2329497706.000001D9BE25F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2298736637.000001D9BE247000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245709409.000001D9BE2A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3947875976.00000232508BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3948246866.0000022EB0AF6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/user
    Source: firefox.exe, 0000000E.00000003.2301499841.000001D9B87CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2282131241.000001D9B87C0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
    Source: firefox.exe, 0000000E.00000003.2338397221.000001D9B7AA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2338397221.000001D9B7A70000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2301499841.000001D9B87CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2282131241.000001D9B87C0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
    Source: firefox.exe, 0000000E.00000003.2367112285.000001D9B70E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2317687081.000001D9B70E9000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.dr | String found in binary or memory: https://support.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2281284593.000001D9B91E6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
    Source: firefox.exe, 0000000E.00000003.2335309334.000001D9B8E31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408684808.000001D9BEBC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2299903516.000001D9B8E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2327220012.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296436798.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2164565298.000001D9B8E30000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
    Source: firefox.exe, 0000000E.00000003.2304353150.000001D9B8589000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
    Source: firefox.exe, 0000000E.00000003.2305290419.000001D9C256F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2322736131.000001D9C2570000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287953258.000001D9C2595000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287953258.000001D9C256F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316529775.000001D9B807F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2294302514.000001D9C2595000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2321301566.000001D9B6AE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2294709260.000001D9C256F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/captive-portal
    Source: firefox.exe, 0000000E.00000003.2367112285.000001D9B70CF000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
    Source: firefox.exe, 0000000E.00000003.2320629135.000001D9B6B3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
    Source: firefox.exe, 0000000E.00000003.2320629135.000001D9B6B3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
    Source: firefox.exe, 0000000E.00000003.2186976434.000001D9B9CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2244052655.000001D9B9CA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
    Source: firefox.exe, 0000000E.00000003.2327094111.000001D9C0829000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
    Source: places.sqlite-wal.14.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.
    Source: firefox.exe, 0000000E.00000003.2367112285.000001D9B70CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
    Source: firefox.exe, 0000000E.00000003.2251149369.000001D9BE43A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160872350.000001D9BE43F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
    Source: firefox.exe, 0000000E.00000003.2320629135.000001D9B6B3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
    Source: firefox.exe, 0000000E.00000003.2320629135.000001D9B6B3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
    Source: firefox.exe, 0000000E.00000003.2320629135.000001D9B6B3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
    Source: firefox.exe, 0000000E.00000003.2320629135.000001D9B6B3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 0000000E.00000003.2322022798.000001D9B5FD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
    Source: firefox.exe, 0000000E.00000003.2281404636.000001D9B91C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com/
    Source: firefox.exe, 0000000E.00000003.2307115558.000001D9B85CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: firefox.exe, 0000000E.00000003.2363672248.000019511ED03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/Z
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://vk.com/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
    Source: firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: firefox.exe, 0000000E.00000003.2301499841.000001D9B87CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2282131241.000001D9B87C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://watch.sling.com/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
    Source: firefox.exe, 0000000E.00000003.2306990169.000001D9BE2A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245709409.000001D9BE2A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
    Source: firefox.exe, 0000000E.00000003.2165980600.000001D9BE671000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2336194470.000001D9B8DB4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
    Source: firefox.exe, 0000000E.00000003.2251149369.000001D9BE43A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2159241836.000001D9BE440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160872350.000001D9BE43F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
    Source: firefox.exe, 0000000E.00000003.2166474248.000001D9B7B68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2338397221.000001D9B7A3F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
    Source: firefox.exe, 0000000E.00000003.2338397221.000001D9B7A3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.ca/
    Source: firefox.exe, 0000000E.00000003.2166474248.000001D9B7B68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2336194470.000001D9B8DB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
    Source: firefox.exe, 0000000E.00000003.2307115558.000001D9B85CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
    Source: firefox.exe, 00000010.00000002.3948401132.0000025AF2EE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3947875976.00000232508E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3951041083.0000022EB0D03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
    Source: firefox.exe, 0000000E.00000003.2363672248.000019511ED03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/Z
    Source: firefox.exe, 0000000E.00000003.2296886406.000001D9BE890000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2137624107.000001D9B6400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2412053523.000001D9B8044000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 0000000E.00000003.2243163966.000001D9BE532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill
    Source: firefox.exe, 0000000E.00000003.2338397221.000001D9B7A3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
    Source: firefox.exe, 0000000E.00000003.2338397221.000001D9B7A3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
    Source: firefox.exe, 0000000E.00000003.2336194470.000001D9B8DB4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
    Source: firefox.exe, 0000000E.00000003.2317513799.000001D9B7949000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
    Source: firefox.exe, 0000000E.00000003.2336194470.000001D9B8DB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
    Source: firefox.exe, 00000010.00000002.3948401132.0000025AF2EE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3947875976.00000232508E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3951041083.0000022EB0D03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
    Source: firefox.exe, 0000000E.00000003.2317513799.000001D9B7949000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
    Source: firefox.exe, 0000000E.00000003.2238251542.000001D9B36C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2201898632.000001D9B36D1000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240219505.000001D9B36C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236066929.000001D9B36A7000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: firefox.exe, 0000000E.00000003.2317513799.000001D9B7949000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
    Source: firefox.exe, 0000000E.00000003.2338397221.000001D9B7A3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
    Source: firefox.exe, 0000000E.00000003.2296886406.000001D9BE8C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2317513799.000001D9B7949000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
    Source: firefox.exe, 0000000E.00000003.2312379160.000001D9BE571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
    Source: firefox.exe, 0000000E.00000003.2166474248.000001D9B7B68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2161655942.000001D9BE611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
    Source: firefox.exe, 0000000E.00000003.2138395460.000001D9B3982000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2137946912.000001D9B391E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2138113551.000001D9B393F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2138263322.000001D9B3961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2137624107.000001D9B6400000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
    Source: firefox.exe, 0000000E.00000003.2166474248.000001D9B7B68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/searche98c663d-408d-4901-9666-66e67a3084b4acc27094-9f0a-49af-868b-8b
    Source: firefox.exe, 0000000E.00000003.2296886406.000001D9BE8C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2248422359.000001D9B83AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2138113551.000001D9B393F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2138263322.000001D9B3961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2173835300.000001D9B83AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2174533042.000001D9B83AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2137624107.000001D9B6400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2412053523.000001D9B8044000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: firefox.exe, 0000000E.00000003.2333047039.000001D9B91D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
    Source: firefox.exe, 0000000E.00000003.2336194470.000001D9B8DB4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
    Source: firefox.exe, 0000000E.00000003.2336194470.000001D9B8DB4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
    Source: firefox.exe, 0000000E.00000003.2166474248.000001D9B7B68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2336194470.000001D9B8DB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
    Source: firefox.exe, 0000000E.00000003.2304247331.000001D9B8594000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2337470745.000001D9B8598000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mobilesuica.com/
    Source: firefox.exe, 0000000E.00000003.2367112285.000001D9B70E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2317687081.000001D9B70E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2331489753.000001D9BE87E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2243163966.000001D9BE542000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2328726061.000001D9BE893000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296886406.000001D9BE890000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2410616049.000001D9BE547000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.drString found in binary or memory: https://www.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2281284593.000001D9B91C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
    Source: firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: places.sqlite-wal.14.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.
    Source: firefox.exe, 0000000E.00000003.2367112285.000001D9B70CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
    Source: firefox.exe, 0000000E.00000003.2168764798.000001D9B7F88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2167620034.000001D9B7F5C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2168938000.000001D9B7F57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
    Source: firefox.exe, 0000000E.00000003.2327390402.000001D9BEB63000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409254170.000001D9BEB7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296436798.000001D9BEB5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
    Source: places.sqlite-wal.14.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.
    Source: firefox.exe, 0000000E.00000003.2367112285.000001D9B70CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
    Source: firefox.exe, 0000000E.00000003.2304353150.000001D9B8589000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
    Source: firefox.exe, 0000000E.00000003.2295436837.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.14.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
    Source: firefox.exe, 0000000E.00000003.2367112285.000001D9B70CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2412053523.000001D9B8063000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
    Source: firefox.exe, 0000000E.00000003.2363886592.00003821E1003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Z
    Source: firefox.exe, 0000000E.00000003.2304353150.000001D9B8589000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
    Source: firefox.exe, 0000000E.00000003.2367112285.000001D9B70CF000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
    Source: firefox.exe, 0000000E.00000003.2327220012.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296436798.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409126268.000001D9BEBB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 0000000E.00000003.2367112285.000001D9B70CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2412053523.000001D9B8063000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.dr | String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
    Source: firefox.exe, 00000010.00000002.3948401132.0000025AF2ECB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3947875976.00000232508C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3948246866.0000022EB0AF6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 0000000E.00000003.2329076922.000001D9BE585000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2162409313.000001D9BE585000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
    Source: firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 0000000E.00000003.2329076922.000001D9BE585000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2162409313.000001D9BE585000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/V
    Source: firefox.exe, 0000000E.00000003.2367112285.000001D9B70CF000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.dr | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
    Source: firefox.exe, 0000000E.00000003.2247617804.000001D9B9D90000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com
    Source: firefox.exe, 0000000E.00000003.2338397221.000001D9B7A3F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.olx.pl/
    Source: firefox.exe, 0000000E.00000003.2307115558.000001D9B85CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 0000000E.00000003.2363672248.000019511ED03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.reddit.com/Z
    Source: firefox.exe, 0000000E.00000003.2364163993.00003480D7003000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2282131241.000001D9B87C0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.sling.com/
    Source: firefox.exe, 0000000E.00000003.2287953258.000001D9C252D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2363672248.000019511ED03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.tiktok.com/
    Source: firefox.exe, 0000000E.00000003.2338397221.000001D9B7A3F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.wykop.pl/
    Source: firefox.exe, 00000012.00000002.3948246866.0000022EB0A0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 0000000E.00000003.2363672248.000019511ED03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/Z
    Source: firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.zhihu.com/
    Source: firefox.exe, 0000000E.00000003.2320629135.000001D9B6B3D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
    Source: firefox.exe, 0000000E.00000003.2281764573.000001D9B8BB8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com
    Source: firefox.exe, 0000000E.00000003.2329810170.000001D9BE1A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2336699371.000001D9B8D19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245709409.000001D9BE2EA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/
    Source: recovery.jsonlz4.tmp.14.dr | String found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 00000012.00000002.3950633933.0000022EB0B50000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.co
    Source: firefox.exe, 0000000E.00000003.2238251542.000001D9B36C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240219505.000001D9B36C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236066929.000001D9B36A7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pw
    Source: firefox.exe, 0000000E.00000003.2296886406.000001D9BE899000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3947685342.0000025AF2C9A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3950788017.0000025AF2FD4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3947685342.0000025AF2C90000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3947118698.00000232505DA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3950356126.0000023250934000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3947361205.0000022EB081A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3950633933.0000022EB0B54000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3947361205.0000022EB0810000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 00000011.00000002.3947118698.00000232505D0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd%
    Source: firefox.exe, 0000000C.00000002.2121383324.0000022AB6807000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2132133513.000001958720F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 00000011.00000002.3947118698.00000232505DA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd1
    Source: firefox.exe, 0000000E.00000003.2298736637.000001D9BE247000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd3
    Source: fNlxQP0jBz.exe, 00000000.00000002.2165084640.0000000001760000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd38/
    Source: firefox.exe, 00000010.00000002.3950788017.0000025AF2FD4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3947685342.0000025AF2C90000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3947118698.00000232505D0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3950356126.0000023250934000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3950633933.0000022EB0B54000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3947361205.0000022EB0810000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: firefox.exe, 0000000E.00000003.2332619169.000001D9B9DDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2247617804.000001D9B9DDF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdP
    Source: firefox.exe, 0000000E.00000003.2364043725.00003A4C1E604000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://youtube.comZ
    Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49785
    Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49800 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49785 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49803 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49799 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49845 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49791 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
    Source: unknown | Network traffic detected: HTTP traffic on port 49759 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49733
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50028
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49946 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49802 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728
    Source: unknown | Network traffic detected: HTTP traffic on port 49798 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49727
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49804
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49803
    Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49802
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49801
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49845
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49800
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
    Source: unknown | Network traffic detected: HTTP traffic on port 49758 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49873 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49801 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 50028 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
    Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49759
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49758
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49757
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711
    Source: unknown | Network traffic detected: HTTP traffic on port 49757 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49799
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
    Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49798
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49874
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49796
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49873
    Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49791
    Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49874 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49804 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49796 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49946
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49717 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49718 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49729 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49733 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49734 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49750 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49759 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49791 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49796 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 151.101.129.91:443 -> 192.168.2.5:49799 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49802 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49803 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49801 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49804 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49873 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49874 version: TLS 1.2
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_0043EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, | 0_2_0043EAFF
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_0043ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, | 0_2_0043ED6A
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_0043EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, | 0_2_0043EAFF
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_0042AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput, | 0_2_0042AA57
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_00459576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, | 0_2_00459576

    System Summary

    Source: fNlxQP0jBz.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: fNlxQP0jBz.exe, 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script.memstr_e4550224-2
    Source: fNlxQP0jBz.exe, 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_b5d51153-8
    Source: fNlxQP0jBz.exe | String found in binary or memory: This is a third-party compiled AutoIt script.memstr_81bc57b5-5
    Source: fNlxQP0jBz.exe | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_0773f251-e
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_0000023250DF90F7 NtQuerySystemInformation, | 17_2_0000023250DF90F7
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_0000023250DF21F2 NtQuerySystemInformation, | 17_2_0000023250DF21F2
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_0042D5EB: CreateFileW,DeviceIoControl,CloseHandle, | 0_2_0042D5EB
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_00421201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, | 0_2_00421201
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_0042E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState, | 0_2_0042E8F6
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003CBF40 | 0_2_003CBF40
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_00432046 | 0_2_00432046
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003C8060 | 0_2_003C8060
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_00428298 | 0_2_00428298
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003FE4FF | 0_2_003FE4FF
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003F676B | 0_2_003F676B
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_00454873 | 0_2_00454873
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003ECAA0 | 0_2_003ECAA0
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003CCAF0 | 0_2_003CCAF0
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003DCC39 | 0_2_003DCC39
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003F6DD9 | 0_2_003F6DD9
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003DB119 | 0_2_003DB119
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003C91C0 | 0_2_003C91C0
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003E1394 | 0_2_003E1394
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003E1706 | 0_2_003E1706
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003E781B | 0_2_003E781B
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003C7920 | 0_2_003C7920
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003D997D | 0_2_003D997D
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003E19B0 | 0_2_003E19B0
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003E7A4A | 0_2_003E7A4A
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003E1C77 | 0_2_003E1C77
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003E7CA7 | 0_2_003E7CA7
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_0044BE44 | 0_2_0044BE44
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003F9EEE | 0_2_003F9EEE
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003E1F32 | 0_2_003E1F32
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_0000023250DF90F7 | 17_2_0000023250DF90F7
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_0000023250DF21F2 | 17_2_0000023250DF21F2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_0000023250DF2232 | 17_2_0000023250DF2232
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_0000023250DF291C | 17_2_0000023250DF291C
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: String function: 003C9CB3 appears 31 times
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: String function: 003DF9F2 appears 40 times
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: String function: 003E0A30 appears 46 times
    Source: fNlxQP0jBz.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engine | Classification label: mal80.troj.evad.winEXE@34/39@71/12
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_004337B5 GetLastError,FormatMessageW, | 0_2_004337B5
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_004210BF AdjustTokenPrivileges,CloseHandle, | 0_2_004210BF
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_004216C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, | 0_2_004216C3
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_004351CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode, | 0_2_004351CD
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_0042D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle, | 0_2_0042D4DC
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_0043648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize, | 0_2_0043648E
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Code function: 0_2_003C42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource, | 0_2_003C42A2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5268:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6160:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2636:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6224:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6468:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Temp\firefox
    Source: fNlxQP0jBz.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: firefox.exe, 0000000E.00000003.2330998374.000001D9C1FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2322241227.000001D9B383C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2278489555.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295436837.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: firefox.exe, 0000000E.00000003.2330998374.000001D9C1FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2278489555.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295436837.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
    Source: firefox.exe, 0000000E.00000003.2330998374.000001D9C1FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2278489555.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295436837.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
    Source: firefox.exe, 0000000E.00000003.2330998374.000001D9C1FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2278489555.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295436837.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
    Source: firefox.exe, 0000000E.00000003.2330998374.000001D9C1FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2278489555.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295436837.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
    Source: firefox.exe, 0000000E.00000003.2330998374.000001D9C1FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2278489555.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295436837.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
    Source: firefox.exe, 0000000E.00000003.2330998374.000001D9C1FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2278489555.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295436837.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;9'
    Source: firefox.exe, 0000000E.00000003.2330998374.000001D9C1FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2278489555.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295436837.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;9
    Source: firefox.exe, 0000000E.00000003.2330998374.000001D9C1FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2278489555.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295436837.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
    Source: fNlxQP0jBz.exe | ReversingLabs: Detection: 34%
    Source: unknown | Process created: C:\Users\user\Desktop\fNlxQP0jBz.exe "C:\Users\user\Desktop\fNlxQP0jBz.exe"
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknown | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2188 -parentBuildID 20230927232528 -prefsHandle 2108 -prefMapHandle 2100 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12907ec4-232e-4d05-b7ce-d91f899773f5} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" 1d9a636ed10 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2976 -parentBuildID 20230927232528 -prefsHandle 2704 -prefMapHandle 2700 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f38d267-c9b2-44d4-9744-10d37a4fa31f} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" 1d9b6f50a10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5064 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5012 -prefMapHandle 5000 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f627ac23-b8c5-4c14-adf9-e863221972c9} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" 1d9b8573110 utility
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: version.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: napinsp.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: pnrpnsp.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: wshbth.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: nlaapi.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: winrnr.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe | Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
    Source: Window Recorder | Window detected: More than 3 window changes detected
    Source: fNlxQP0jBz.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: fNlxQP0jBz.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: fNlxQP0jBz.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: fNlxQP0jBz.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: fNlxQP0jBz.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: fNlxQP0jBz.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: fNlxQP0jBz.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: UxTheme.pdb source: firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: rsaenh.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: xWindows.Security.Integrity.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.2238953521.000001D9B378C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: winsta.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: bcrypt.pdb source: firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ktmw32.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: WscApi.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2237261252.000001D9B3792000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: msvcrt.pdb source: firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: xWindows.StateRepositoryPS.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8WinTypes.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: xul.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nssckbi.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mozglue.pdb source: firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dcomp.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winnsi.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: cryptsp.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8dhcpcsvc6.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8softokn3.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: CLBCatQ.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntmarta.pdb source: firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: urlmon.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8twinapi.appcore.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8kernelbase.pdb source: firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shlwapi.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8CoreMessaging.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: win32u.pdb source: firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dwmapi.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8bcryptprimitives.pdb source: firefox.exe, 0000000E.00000003.2240135766.000001D9C2E66000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: firefox.pdb source: firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: srvcli.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: imm32.pdb source: firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: freebl3.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ws2_32.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8imagehlp.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mswsock.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8iphlpapi.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8gkcodecs.pdb source: firefox.exe, 0000000E.00000003.2240135766.000001D9C2E66000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nsi.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8ExplorerFrame.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winmm.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ole32.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8CoreUIComponents.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8osclientcerts.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8cryptbase.pdb source: firefox.exe, 0000000E.00000003.2240135766.000001D9C2E66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8cfgmgr32.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msasn1.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: DWrite.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: combase.pdb source: firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8iertutil.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8dhcpcsvc.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8msvcp140.amd64.pdb source: firefox.exe, 0000000E.00000003.2240135766.000001D9C2E66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.2237791962.000001D9B373F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: nss3.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ncrypt.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8webauthn.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Kernel.Appcore.pdb source: firefox.exe, 0000000E.00000003.2240135766.000001D9C2E66000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8powrprof.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8ColorAdapterClient.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: wsock32.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8MMDevAPI.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: wininet.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: UMPDC.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8oleaut32.pdb source: firefox.exe, 0000000E.00000003.2240135766.000001D9C2E66000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8kernel32.pdb source: firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8TextInputFramework.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: rpcrt4.pdb source: firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2237791962.000001D9B373F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2238953521.000001D9B378C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: 8InputHost.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8ucrtbase.pdb source: firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: xOneCoreUAPCommonProxyStub.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shcore.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8audioses.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Bcp47mrm.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8netutils.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shell32.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8rasadhlp.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: sspicli.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Bcp47Langs.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8wtsapi32.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8taskschd.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8msvcp_win.pdb source: firefox.exe, 0000000E.00000003.2240135766.000001D9C2E66000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000E.00000003.2237261252.000001D9B3792000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: dnsapi.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: userenv.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Windows.UI.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nlaapi.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8fwpuclnt.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winhttp.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msimg32.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntasn1.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: devobj.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: d3d11.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8advapi32.pdb source: firefox.exe, 0000000E.00000003.2240135766.000001D9C2E66000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Windows.Storage.pdb source: firefox.exe, 0000000E.00000003.2240135766.000001D9C2E66000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8OnDemandConnRouteHelper.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dbghelp.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8netprofm.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: profapi.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: gdi32.pdb source: firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: avrt.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Windows.Globalization.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: WLDP.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8directmanipulation.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: sechost.pdb source: firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8setupapi.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8vcruntime140_1.amd64.pdb source: firefox.exe, 0000000E.00000003.2240135766.000001D9C2E66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: propsys.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8lgpllibs.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240135766.000001D9C2E66000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: 8gdi32full.pdb source: firefox.exe, 0000000E.00000003.2240135766.000001D9C2E66000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8vcruntime140.amd64.pdb source: firefox.exe, 0000000E.00000003.2240135766.000001D9C2E66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winrnr.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msctf.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: version.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dbgcore.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mscms.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: user32.pdb source: firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: twinapi.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8DataExchange.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: 8wintrust.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: psapi.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8WindowManagementAPI.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntdll.pdb source: firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dxgi.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8npmproxy.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8linkinfo.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Windows.UI.Immersive.pdb source: firefox.exe, 0000000E.00000003.2239849626.000001D9C2E8E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: crypt32.pdb source: firefox.exe, 0000000E.00000003.2240497440.000001D9C2E47000.00000004.00000800.00020000.00000000.sdmp
    Source: fNlxQP0jBz.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: fNlxQP0jBz.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: fNlxQP0jBz.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: fNlxQP0jBz.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: fNlxQP0jBz.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_003C42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_003C42DE
    Source: gmpopenh264.dll.tmp.14.dr Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_003E0A76 push ecx; ret 0_2_003E0A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_003DF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_003DF98E
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_00451C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 0_2_00451C41
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep graph_0-95774
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_0000023250DF90F7 rdtsc 17_2_0000023250DF90F7
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe API coverage: 3.8 %
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe TID: 6716 Thread sleep count: 102 > 30
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe TID: 6716 Thread sleep count: 120 > 30
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_0042DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 0_2_0042DBBE
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_003FC2A2 FindFirstFileExW, 0_2_003FC2A2
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_004368EE FindFirstFileW,FindClose, 0_2_004368EE
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_0043698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 0_2_0043698F
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_0042D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_0042D076
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_0042D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_0042D3A9
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_00439642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00439642
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_0043979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_0043979D
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_00439B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_00439B2B
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_00435C97 FindFirstFileW,FindNextFileW,FindClose, 0_2_00435C97
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_003C42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_003C42DE
    Source: firefox.exe, 00000012.00000002.3947361205.0000022EB081A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWp*
    Source: firefox.exe, 00000010.00000002.3951661958.0000025AF3100000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllr
    Source: firefox.exe, 00000010.00000002.3951661958.0000025AF3100000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll4
    Source: firefox.exe, 00000011.00000002.3951410015.0000023250E10000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlle
    Source: firefox.exe, 00000010.00000002.3947685342.0000025AF2C9A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3947118698.00000232505DA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3951410015.0000023250E10000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
    Source: firefox.exe, 00000010.00000002.3951148043.0000025AF3020000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000012.00000002.3950868564.0000022EB0B60000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWh
    Source: firefox.exe, 00000010.00000002.3951661958.0000025AF3100000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3951410015.0000023250E10000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: firefox.exe, 00000011.00000002.3951410015.0000023250E10000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlld
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Process information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_0000023250DF90F7 rdtsc 17_2_0000023250DF90F7
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_0043EAA2 BlockInput, 0_2_0043EAA2
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_003F2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_003F2622
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_003C42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_003C42DE
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_003E4CE8 mov eax, dword ptr fs:[00000030h] 0_2_003E4CE8
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_00420B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 0_2_00420B62
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_003F2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_003F2622
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_003E083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_003E083F
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_003E09D5 SetUnhandledExceptionFilter, 0_2_003E09D5
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_003E0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_003E0C21
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_00421201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 0_2_00421201
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_00402BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, 0_2_00402BA5
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_0042B226 SendInput,keybd_event, 0_2_0042B226
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_004422DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event, 0_2_004422DA
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_00420B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 0_2_00420B62
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_00421663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 0_2_00421663
    Source: fNlxQP0jBz.exe Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: fNlxQP0jBz.exe Binary or memory string: Shell_TrayWnd
    Source: firefox.exe, 0000000E.00000003.2210996008.000001D9C2831000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_003E0698 cpuid 0_2_003E0698
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_0041D21C GetLocalTime, 0_2_0041D21C
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_0041D27A GetUserNameW, 0_2_0041D27A
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_003FB952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free, 0_2_003FB952
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_003C42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_003C42DE

    Stealing of Sensitive Information

    Source: Yara match File source: Process Memory Space: fNlxQP0jBz.exe PID: 2836, type: MEMORYSTR
    Source: fNlxQP0jBz.exe Binary or memory string: WIN_81
    Source: fNlxQP0jBz.exe Binary or memory string: WIN_XP
    Source: fNlxQP0jBz.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: fNlxQP0jBz.exe Binary or memory string: WIN_XPe
    Source: fNlxQP0jBz.exe Binary or memory string: WIN_VISTA
    Source: fNlxQP0jBz.exe Binary or memory string: WIN_7
    Source: fNlxQP0jBz.exe Binary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara match File source: Process Memory Space: fNlxQP0jBz.exe PID: 2836, type: MEMORYSTR
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_00441204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket, 0_2_00441204
    Source: C:\Users\user\Desktop\fNlxQP0jBz.exe Code function: 0_2_00441806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, 0_2_00441806
    MITRE ATT&CK Matrix (numbers in front of a technique are the count of matching signatures in this report)

    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
    Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 16 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Process Injection | 1 Masquerading | Cached Domain Credentials | 11 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
    IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 2 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
Behavior Graph (text rendering of the graph image; node numbers are the graph's own, and the small numbers after a process name are the per-process counts from the legend above, created registry values and created files)

    Behavior Graph ID: 1576055
    Sample: fNlxQP0jBz.exe
    Start date: 16/12/2024
    Architecture: WINDOWS
    Score: 80

    Sample-level signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected Credential Flusher; 3 other signatures
    Sample-level DNS/IP: youtube.com; youtube-ui.l.google.com; 34 other IPs or domains

    Process tree:
      [8] fNlxQP0jBz.exe (started)
          signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection
          [13] taskkill.exe 1  ->  [25] conhost.exe
          [15] taskkill.exe 1  ->  [27] conhost.exe
          [17] taskkill.exe 1  ->  [29] conhost.exe
          [23] 3 other processes  ->  [37] conhost.exe, [39] conhost.exe
      [11] firefox.exe 1 (started)
          [19] firefox.exe 3 226
              DNS/IP: [51] youtube.com 142.250.181.78, port 443, source ports 49711, 49712, GOOGLEUS, United States
                      [53] prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, source ports 49713, 49722, 49724, GOOGLEUS, United States
                      [55] 10 other IPs or domains
              dropped: [41] C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+
                       [43] C:\Users\user\...\gmpopenh264.dll (copy), PE32+
              [31] firefox.exe 1
              [33] firefox.exe 1
              [35] firefox.exe 1
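The process tree above shows fNlxQP0jBz.exe starting taskkill.exe three times in quick succession, each with its own conhost.exe child. As an added example that is not part of the Joe Sandbox report, the following Python runs a small burst detector over constructed process-creation records shaped like that tree: it flags any parent that starts taskkill.exe at least three times inside a sliding time window. The record format, file paths, pids and timestamps are assumptions; the report does not show taskkill's arguments, so the rule keys only on the parent repeatedly spawning taskkill.exe, and the constructed log also contains a benign admin session that must not trip it.

```python
# Added example; not part of the Joe Sandbox report. Flags a parent process
# that spawns taskkill.exe repeatedly in a short window, the shape the
# behavior graph shows for fNlxQP0jBz.exe. The record format, paths, pids
# and timestamps below are assumptions/constructed, not data from the report.
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class ProcEvent:
    ts: datetime
    pid: int
    ppid: int
    image: str      # full path of the created process
    cmdline: str


def basename(image: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_events(lines: Iterable[str]) -> List[ProcEvent]:
    """Parse 'ISO-timestamp|pid|ppid|image|cmdline' records (assumed format);
    blank lines and '#' comment lines are skipped."""
    events = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ts, pid, ppid, image, cmdline = line.split("|", 4)
        events.append(ProcEvent(datetime.fromisoformat(ts), int(pid),
                                int(ppid), image, cmdline))
    return events


def taskkill_bursts(events: List[ProcEvent], min_count: int = 3,
                    window_seconds: float = 60.0) -> Dict[int, List[ProcEvent]]:
    """Map parent pid -> its taskkill.exe children, for every parent that
    started at least min_count of them inside one sliding window."""
    window = timedelta(seconds=window_seconds)
    by_parent: Dict[int, List[ProcEvent]] = defaultdict(list)
    for ev in events:
        if basename(ev.image) == "taskkill.exe":
            by_parent[ev.ppid].append(ev)
    hits: Dict[int, List[ProcEvent]] = {}
    for ppid, kills in by_parent.items():
        kills.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(kills)):
            while kills[end].ts - kills[start].ts > window:
                start += 1          # slide the window forward
            if end - start + 1 >= min_count:
                hits[ppid] = kills[start:end + 1]
                break
    return hits


def detect(lines: Iterable[str]) -> List[Tuple[str, int]]:
    """(parent image, taskkill count) for each parent that tripped the rule."""
    events = parse_events(lines)
    image_of = {ev.pid: ev.image for ev in events}
    return sorted((image_of.get(ppid, f"pid {ppid}"), len(kills))
                  for ppid, kills in taskkill_bursts(events).items())


# Constructed process-creation log mirroring the report's process tree
# (graph node numbers reused as pids; sample and Firefox paths assumed).
SAMPLE_LOG = r"""
2024-12-16T10:00:00|8|2|C:\Users\user\Desktop\fNlxQP0jBz.exe|"C:\Users\user\Desktop\fNlxQP0jBz.exe"
2024-12-16T10:00:00|11|2|C:\Program Files\Mozilla Firefox\firefox.exe|firefox.exe
2024-12-16T10:00:02|13|8|C:\Windows\System32\taskkill.exe|taskkill.exe
2024-12-16T10:00:02|25|13|C:\Windows\System32\conhost.exe|conhost.exe
2024-12-16T10:00:03|15|8|C:\Windows\System32\taskkill.exe|taskkill.exe
2024-12-16T10:00:03|27|15|C:\Windows\System32\conhost.exe|conhost.exe
2024-12-16T10:00:04|17|8|C:\Windows\System32\taskkill.exe|taskkill.exe
2024-12-16T10:00:04|29|17|C:\Windows\System32\conhost.exe|conhost.exe
2024-12-16T10:00:05|19|11|C:\Program Files\Mozilla Firefox\firefox.exe|firefox.exe
# benign noise: an interactive shell running taskkill twice, ten minutes apart
2024-12-16T10:05:00|900|1|C:\Windows\System32\cmd.exe|cmd.exe
2024-12-16T10:05:10|901|900|C:\Windows\System32\taskkill.exe|taskkill.exe
2024-12-16T10:15:10|902|900|C:\Windows\System32\taskkill.exe|taskkill.exe
"""

if __name__ == "__main__":
    for image, count in detect(SAMPLE_LOG.splitlines()):
        print(f"{image}: {count} taskkill.exe children within 60s")
```

The window and threshold are tunable: the admin session in the constructed log only trips the rule if the window is widened to fifteen minutes and the threshold lowered to two, which is the trade-off to weigh before deploying a rule like this on real endpoint telemetry.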

Screenshots: the thumbnails and slideshow are not reproduced in this rendering.
Antivirus Detection (submitted file)

    Source           | Detection | Scanner        | Label               | Link
    fNlxQP0jBz.exe   | 34%       | ReversingLabs  | Win32.Trojan.Amadey |
    fNlxQP0jBz.exe   | 100%      | Avira          | TR/ATRAPS.Gen       |
    fNlxQP0jBz.exe   | 100%      | Joe Sandbox ML |                     |

    Note that the ReversingLabs family label (Amadey) differs from the Yara-based classification in the Detection section (Credential Flusher); vendor family names for the same sample are not always consistent.

Antivirus Detection (dropped files)

    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |

No Antivirus matches (reported for each of the three remaining scan tables).
Contacted Domains (the Antivirus Detection column is empty for every row and is omitted)

    Name | IP | Active | Malicious | Reputation
    example.org | 93.184.215.14 | true | false | high
    star-mini.c10r.facebook.com | 157.240.195.35 | true | false | high
    prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | true | false | high
    prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false | high
    twitter.com | 104.244.42.193 | true | false | high
    prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | true | false | high
    services.addons.mozilla.org | 151.101.129.91 | true | false | high
    dyna.wikimedia.org | 185.15.58.224 | true | false | high
    prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | true | false | high
    contile.services.mozilla.com | 34.117.188.166 | true | false | high
    youtube.com | 142.250.181.78 | true | false | high
    prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 | true | false | high
    youtube-ui.l.google.com | 172.217.17.78 | true | false | high
    us-west1.prod.sumo.prod.webservices.mozgcp.net | 34.149.128.2 | true | false | high
    reddit.map.fastly.net | 151.101.1.140 | true | false | high
    ipv4only.arpa | 192.0.0.170 | true | false | high
    prod.ads.prod.webservices.mozgcp.net | 34.117.188.166 | true | false | high
    push.services.mozilla.com | 34.107.243.93 | true | false | high
    normandy-cdn.services.mozilla.com | 35.201.103.21 | true | false | high
    telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | true | false | high
    www.reddit.com | unknown | unknown | false | high
    spocs.getpocket.com | unknown | unknown | false | high
    content-signature-2.cdn.mozilla.net | unknown | unknown | false | high
    support.mozilla.org | unknown | unknown | false | high
    firefox.settings.services.mozilla.com | unknown | unknown | false | high
    www.youtube.com | unknown | unknown | false | high
    www.facebook.com | unknown | unknown | false | high
    detectportal.firefox.com | unknown | unknown | false | high
    normandy.cdn.mozilla.net | unknown | unknown | false | high
    shavar.services.mozilla.com | unknown | unknown | false | high
    www.wikipedia.org | unknown | unknown | false | high
Contacted URLs (URLs are reproduced as the scanner extracted them from memory, including trailing junk characters and truncation; the Antivirus Detection column is empty for every row and is omitted; the table is cut off at the end of the page, so the last row has no Reputation value)

    The source set [A] stands for these three firefox.exe memory dumps, which many rows share:
      firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp
      firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp
      firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmp

    Name | Source | Malicious | Reputation
    https://youtube.comZ | firefox.exe, 0000000E.00000003.2364043725.00003A4C1E604000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox- | [A] | false | high
    https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l | firefox.exe, 00000012.00000002.3948246866.0000022EB0AC4000.00000004.00000800.00020000.00000000.sdmp | false | high
    http://detectportal.firefox.com/ | firefox.exe, 0000000E.00000003.2287953258.000001D9C2587000.00000004.00000800.00020000.00000000.sdmp | false | high
    http://crl.microsoft | firefox.exe, 0000000E.00000003.2227685767.000001D9B373F000.00000004.00000020.00020000.00000000.sdmp | false | high
    https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER% | [A] | false | high
    https://datastudio.google.com/embed/reporting/ | firefox.exe, 0000000E.00000003.2299361542.000001D9B91EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2313517162.000001D9B91EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2332942833.000001D9B91EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2281284593.000001D9B91E6000.00000004.00000800.00020000.00000000.sdmp | false | high
    http://www.mozilla.com0 | gmpopenh264.dll.tmp.14.dr | false | high
    https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl | firefox.exe, 0000000E.00000003.2251149369.000001D9BE43A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2159241836.000001D9BE440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160872350.000001D9BE43F000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743. | firefox.exe, 00000010.00000002.3948401132.0000025AF2EE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3947875976.00000232508E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3951041083.0000022EB0D03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr | false | high
    https://merino.services.mozilla.com/api/v1/suggest | firefox.exe, 00000010.00000002.3948401132.0000025AF2E72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3947875976.0000023250886000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3948246866.0000022EB0A8F000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://json-schema.org/draft/2019-09/schema. | firefox.exe, 0000000E.00000003.2412273369.000001D9B803E000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect | [A] | false | high
    https://www.leboncoin.fr/ | firefox.exe, 0000000E.00000003.2166474248.000001D9B7B68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2336194470.000001D9B8DB4000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://spocs.getpocket.com/spocs | firefox.exe, 0000000E.00000003.2307115558.000001D9B85CC000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill | firefox.exe, 0000000E.00000003.2243163966.000001D9BE532000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://shavar.services.mozilla.com | firefox.exe, 0000000E.00000003.2326289754.000001D9C0880000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://completion.amazon.com/search/complete?q= | firefox.exe, 0000000E.00000003.2138395460.000001D9B3982000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2137946912.000001D9B391E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2138113551.000001D9B393F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2138263322.000001D9B3961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2137624107.000001D9B6400000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report | [A] | false | high
    https://ads.stickyadstv.com/firefox-etp | firefox.exe, 0000000E.00000003.2338397221.000001D9B7AA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2338397221.000001D9B7A70000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2301499841.000001D9B87CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2282131241.000001D9B87C0000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://identity.mozilla.com/ids/ecosystem_telemetryU | firefox.exe, 0000000E.00000003.2278489555.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295436837.000001D9C1F7F000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab | [A] | false | high
    https://monitor.firefox.com/breach-details/ | [A] | false | high
    https://github.com/w3c/csswg-drafts/issues/4650 | firefox.exe, 0000000E.00000003.2297873290.000001D9BE322000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2163855997.000001D9BE322000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM | [A] | false | high
    https://xhr.spec.whatwg.org/#sync-warning | firefox.exe, 0000000E.00000003.2320629135.000001D9B6B3D000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://www.amazon.com/exec/obidos/external-search/ | firefox.exe, 0000000E.00000003.2296886406.000001D9BE890000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2137624107.000001D9B6400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2412053523.000001D9B8044000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://www.msn.com | firefox.exe, 0000000E.00000003.2247617804.000001D9B9D90000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://github.com/mozilla-services/screenshots | firefox.exe, 0000000E.00000003.2137946912.000001D9B391E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2138113551.000001D9B393F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2138263322.000001D9B3961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2137624107.000001D9B6400000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://services.addons.mozilla.org/api/v4/addons/addon/ | [A] | false | high
    https://tracking-protection-issues.herokuapp.com/new | [A] | false | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report | [A] | false | high
    https://youtube.com/ | firefox.exe, 0000000E.00000003.2329810170.000001D9BE1A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2336699371.000001D9B8D19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245709409.000001D9BE2EA000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://content-signature-2.cdn.mozilla.net/ | firefox.exe, 0000000E.00000003.2328173360.000001D9BE8B6000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://json-schema.org/draft/2020-12/schema/= | firefox.exe, 0000000E.00000003.2412273369.000001D9B803E000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht | firefox.exe, 0000000E.00000003.2409126268.000001D9BEBB7000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report | [A] | false | high
    https://api.accounts.firefox.com/v1 | [A] | false | high
    https://ok.ru/ | firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://www.amazon.com/ | firefox.exe, 0000000E.00000003.2307115558.000001D9B85CC000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/ | [A] | false | high
    https://fpn.firefox.com | firefox.exe, 0000000E.00000003.2322022798.000001D9B5FD6000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc | firefox.exe, 0000000E.00000003.2320629135.000001D9B6B3D000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections | [A] | false | high
    http://win.mail.ru/cgi-bin/sentmsg?mailto=%s | firefox.exe, 0000000E.00000003.2143256742.000001D9B63DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261863443.000001D9B63EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191810383.000001D9B63DE000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://www.youtube.com/ | firefox.exe, 00000012.00000002.3948246866.0000022EB0A0C000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://bugzilla.mozilla.org/show_bug.cgi?id=1283601 | firefox.exe, 0000000E.00000003.2191417000.000001D9B8A39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2191655639.000001D9B8A3E000.00000004.00000800.00020000.00000000.sdmp | false | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield | [A] | false | high
    https://MD8.mozilla.org/1/m | firefox.exe, 0000000E.00000003.2296886406.000001D9BE8C0000.00000004.00000800.00020000.00000000.sdmp | false |
                                                                                                                                                                    high
                                                                                                                                                                    https://www.bbc.co.uk/firefox.exe, 0000000E.00000003.2336194470.000001D9B8DB4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000E.00000003.2327220012.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409175698.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296436798.000001D9BEBA8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000012.00000002.3948246866.0000022EB0AC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://127.0.0.1:firefox.exe, 0000000E.00000003.2368096411.000001D9B6E90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2329810170.000001D9BE1A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000000E.00000003.2191273422.000001D9B8AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000E.00000003.2235521475.000001D9B82C5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://bugzilla.mofirefox.exe, 0000000E.00000003.2296436798.000001D9BEB5B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://mitmdetection.services.mozilla.com/firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://amazon.comfirefox.exe, 0000000E.00000003.2363672248.000019511ED03000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 0000000E.00000003.2301499841.000001D9B87CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2282131241.000001D9B87C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://youtube.com/account?=recovery.jsonlz4.tmp.14.drfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://shavar.services.mozilla.com/firefox.exe, 0000000E.00000003.2316529775.000001D9B806E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBLfirefox.exe, 0000000E.00000003.2367112285.000001D9B70CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&reffirefox.exe, 00000010.00000002.3948401132.0000025AF2EE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3947875976.00000232508E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3951041083.0000022EB0D03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477firefox.exe, 00000010.00000002.3948401132.0000025AF2EE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3947875976.00000232508E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3951041083.0000022EB0D03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 0000000E.00000003.2320629135.000001D9B6B9F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://spocs.getpocket.com/firefox.exe, 0000000E.00000003.2164565298.000001D9B8ED5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3947875976.0000023250812000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3948246866.0000022EB0A13000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://www.iqiyi.com/firefox.exe, 0000000E.00000003.2336194470.000001D9B8DB4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368096411.000001D9B6EB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://youtube.com/account?=https://accounts.google.cofirefox.exe, 00000012.00000002.3950633933.0000022EB0B50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://support.mozilla.org/products/firefoxgro.allizom.troppus.places.sqlite-wal.14.drfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://www.amazon.com/Zfirefox.exe, 0000000E.00000003.2363672248.000019511ED03000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://addons.mozilla.org/firefox.exe, 0000000E.00000003.2281404636.000001D9B91C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://spocs.getpocket.com/CN=Thefirefox.exe, 00000012.00000002.3948246866.0000022EB0A13000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 0000000E.00000003.2297873290.000001D9BE322000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2163855997.000001D9BE322000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                http://a9.com/-/spec/opensearch/1.0/firefox.exe, 0000000E.00000003.2328726061.000001D9BE899000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296886406.000001D9BE899000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiprefs-1.js.14.drfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 0000000E.00000003.2322022798.000001D9B5FBF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                        https://monitor.firefox.com/user/dashboardfirefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                          https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                            high
                                                                                                                                                                                                                                            https://monitor.firefox.com/aboutfirefox.exe, 00000010.00000002.3950634178.0000025AF2F20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3950632507.0000023250DA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3947962443.0000022EB0880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                              high
                                                                                                                                                                                                                                              http://mozilla.org/MPL/2.0/.firefox.exe, 0000000E.00000003.2239388500.000001D9B884E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2265395012.000001D9B5BFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2251149369.000001D9BE495000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2248458900.000001D9B9D10000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2308191145.000001D9B3967000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236859598.000001D9B86E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2237527024.000001D9B86DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2248203462.000001D9B899C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2163540159.000001D9BE3E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240583102.000001D9B8985000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2356970808.000001D9B7FC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2322241227.000001D9B383C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2235521475.000001D9B82C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2164565298.000001D9B8EA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2181513294.000001D9B833B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2299903516.000001D9B8E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2315156121.000001D9BE2D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000E.00000003.2263982444.000001D9B7FC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2321884501.000001D9B6894000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2369361443.000001D9B6AB4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2321467567.000001D9B6A5E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                                https://account.bellmedia.cfirefox.exe, 0000000E.00000003.2247617804.000001D9B9D90000.00000004.00000800.00020000.00000000.sdmpfalse
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1576055
Start date and time: 2024-12-16 13:51:32 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 5s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: fNlxQP0jBz.exe (renamed because the original name is a hash value)
Original Sample Name: 687bbf73e7b900ff5d46c6c2d23c6a40.exe
Detection: MAL
Classification: mal80.troj.evad.winEXE@34/39@71/12
EGA Information:
• Successful, ratio: 40%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 50
• Number of non-executed functions: 286
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with a delay of 100000000ms and higher are ignored
• Excluded processes from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 54.213.181.160, 35.85.93.176, 44.228.225.150, 172.217.17.46, 88.221.134.155, 88.221.134.209, 172.217.17.74, 23.218.208.109, 13.107.246.63, 20.12.23.50
• Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, otelrules.azureedge.net, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
• Execution Graph export aborted for target firefox.exe, PID 2300, because there are no executed functions
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                                          • VT rate limit hit for: fNlxQP0jBz.exe
                                                                                                                                                                                                                                                                          No simulations
Related IPs (samples previously seen contacting the same IP)

Match           | Associated Sample Name / URL | Detection | Threat Name
34.117.188.166  | LbgqLv7gT7.exe | malicious | Credential Flusher
                | LbgqLv7gT7.exe | malicious | Credential Flusher
                | file.exe       | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar
                | P0HV8mjHS1.exe | malicious | Credential Flusher
                | P0HV8mjHS1.exe | malicious | Credential Flusher
                | mdPov8VTwi.exe | malicious | Credential Flusher
                | mdPov8VTwi.exe | malicious | Credential Flusher
                | file.exe       | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
                | file.exe       | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
34.149.100.209  | LbgqLv7gT7.exe | malicious | Credential Flusher
                | LbgqLv7gT7.exe | malicious | Credential Flusher
                | P0HV8mjHS1.exe | malicious | Credential Flusher
                | P0HV8mjHS1.exe | malicious | Credential Flusher
                | mdPov8VTwi.exe | malicious | Credential Flusher
                | mdPov8VTwi.exe | malicious | Credential Flusher
                | nmy4mJXEaz.exe | malicious | Credential Flusher
                | 6eftz6UKDm.exe | malicious | Credential Flusher
                | nmy4mJXEaz.exe | malicious | Credential Flusher
151.101.129.91  | LbgqLv7gT7.exe | malicious | Credential Flusher
                | file.exe       | malicious | Credential Flusher
                | file.exe       | malicious | Credential Flusher
                | file.exe       | malicious | Credential Flusher
                | Pl8Tb06C8A.exe | malicious | Credential Flusher
                | file.exe       | malicious | Credential Flusher
                | file.exe       | malicious | Credential Flusher
                | file.exe       | malicious | Credential Flusher
                | file.exe       | malicious | Credential Flusher
                | file.exe       | malicious | Credential Flusher
Related domains (samples previously seen resolving the same domain; Context = resolved IP)

Match                        | Associated Sample Name / URL | Detection | Threat Name | Context
example.org                  | LbgqLv7gT7.exe | malicious | Credential Flusher | 93.184.215.14
                             | LbgqLv7gT7.exe | malicious | Credential Flusher | 93.184.215.14
                             | file.exe       | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog Stealer | 93.184.215.14
                             | file.exe       | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | 93.184.215.14
                             | P0HV8mjHS1.exe | malicious | Credential Flusher | 93.184.215.14
                             | P0HV8mjHS1.exe | malicious | Credential Flusher | 93.184.215.14
                             | mdPov8VTwi.exe | malicious | Credential Flusher | 93.184.215.14
                             | mdPov8VTwi.exe | malicious | Credential Flusher | 93.184.215.14
                             | file.exe       | malicious | Amadey, LummaC Stealer, Vidar, Xmrig | 93.184.215.14
star-mini.c10r.facebook.com  | LbgqLv7gT7.exe | malicious | Credential Flusher | 157.240.195.35
                             | LbgqLv7gT7.exe | malicious | Credential Flusher | 157.240.196.35
                             | file.exe       | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog Stealer | 157.240.196.35
                             | https://afw.soundestlink.com/ce/c/675c127e5a5226f9e7b86686/675c13ae85cd17d1e3e2ab54/675c13c9f9a08fb1fbb3e577?signature=3f4d77f7452e61cf1e0cb9ce4a3540d02af0944caf975b089573a2fc1d891103 | malicious | Unknown | 157.240.195.35
                             | Herinnering.msg | malicious | Unknown | 157.240.195.35
                             | P0HV8mjHS1.exe | malicious | Credential Flusher | 157.240.195.35
                             | P0HV8mjHS1.exe | malicious | Credential Flusher | 157.240.195.35
                             | mdPov8VTwi.exe | malicious | Credential Flusher | 157.240.196.35
                             | mdPov8VTwi.exe | malicious | Credential Flusher | 157.240.196.35
twitter.com                  | LbgqLv7gT7.exe | malicious | Credential Flusher | 104.244.42.193
                             | LbgqLv7gT7.exe | malicious | Credential Flusher | 104.244.42.193
                             | file.exe       | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog Stealer | 104.244.42.129
                             | P0HV8mjHS1.exe | malicious | Credential Flusher | 104.244.42.129
                             | P0HV8mjHS1.exe | malicious | Credential Flusher | 104.244.42.193
                             | mdPov8VTwi.exe | malicious | Credential Flusher | 104.244.42.65
                             | mdPov8VTwi.exe | malicious | Credential Flusher | 104.244.42.65
                             | nmy4mJXEaz.exe | malicious | Credential Flusher | 104.244.42.65
                             | 6eftz6UKDm.exe | malicious | Credential Flusher | 104.244.42.65
Match | Associated Sample Name / URL | Detection | Threat Name | Context
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG
  LbgqLv7gT7.exe | malicious | Credential Flusher
    • 34.117.188.166
  LbgqLv7gT7.exe | malicious | Credential Flusher
    • 34.117.188.166
  1734347766284d20dc9a2ac535c59f41881efe888891552ad79abf01710e07a6dadfae2b13366.dat-decoded.exe | malicious | Unknown
    • 34.117.59.81
  1734347766284d20dc9a2ac535c59f41881efe888891552ad79abf01710e07a6dadfae2b13366.dat-decoded.exe | malicious | Unknown
    • 34.117.59.81
  file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar
    • 34.117.188.166
  P0HV8mjHS1.exe | malicious | Credential Flusher
    • 34.117.188.166
  P0HV8mjHS1.exe | malicious | Credential Flusher
    • 34.117.188.166
  mdPov8VTwi.exe | malicious | Credential Flusher
    • 34.117.188.166
  mdPov8VTwi.exe | malicious | Credential Flusher
    • 34.117.188.166
ATGS-MMD-ASUS
  LbgqLv7gT7.exe | malicious | Credential Flusher
    • 34.160.144.191
  LbgqLv7gT7.exe | malicious | Credential Flusher
    • 34.160.144.191
  mpsl.elf | malicious | Mirai
    • 32.173.232.211
  i486.elf | malicious | Mirai
    • 32.166.191.50
  sh4.elf | malicious | Mirai
    • 51.231.242.135
  arm.elf | malicious | Mirai, Moobot
    • 51.61.215.198
  arm4.elf | malicious | Mirai
    • 34.130.193.5
  mips.elf | malicious | Mirai
    • 48.88.173.144
  ppc.elf | malicious | Mirai
    • 48.184.59.188
FASTLYUS
  LbgqLv7gT7.exe | malicious | Credential Flusher
    • 151.101.65.91
  LbgqLv7gT7.exe | malicious | Credential Flusher
    • 151.101.129.91
  https://www.sendspace.com/pro/dl/m2hhc1 | malicious | Unknown
    • 151.101.194.137
  https://protect.checkpoint.com/v2/r02/___https://url1251.popmenu.com/qxdhqnhp?zus=z556.WRHPCjsgt/tA51B6LI9w4BubTYwM5p/-7KrggkVEpmPU5/oVFKKM8Rk6rAnqtQtILc2Q2H_3u9DiXC41Sfynx8MyN*~*gGwOol/aO3BY*~*pgD37kbc4-7KGmCSO4DHGqcB*~*D2S053knP-7G*~*y37ScDgrX/lhFDF7r7h5Gwz-7GtvZLu*~*h33zX5RXwSF0oDJX34CSZAvVXm4AFQJ-7Gq-7KxI/mcm4qvQmbxushMLQI9uHWfHKaPI5mifSCu5iVBRcvqUxu7JB4CzzH*~*tp7hI*~*P2JxcRqKbjQDa1m4EV2vJju-7KXGYhKkA/NMg4b3nlprWADF7NLfLtJTf5xKVlxz1PBE*~*XIwKJANjSZxzJHsTEzwI07xTpBPmh9cjRp3bNxF-8I___.YzJlOm1zbm90aWZ5OmM6bzphNDQ0NjUwYTgwNjk4YzE1YzQzODY0NjgzZWZkNGFjNzo3Ojk1N2U6NjEyMTFiMTNiOTljZDFhYmUzOWRiNzM5NDE0NGE3NDNhMDJkZjlhMmI1NzgzMzhlZTAwMjhmZTBkODVlNWNmZDpoOlQ6VA | malicious | Unknown
    • 151.101.130.137
  https://www.sendspace.com/pro/dl/m2hhc1 | malicious | Unknown
    • 151.101.2.137
  http://oszhjzefz.trackbest.click | malicious | Unknown
    • 151.101.66.137
  https://afw.soundestlink.com/ce/c/675c127e5a5226f9e7b86686/675c13ae85cd17d1e3e2ab54/675c13c9f9a08fb1fbb3e577?signature=3f4d77f7452e61cf1e0cb9ce4a3540d02af0944caf975b089573a2fc1d891103 | malicious | Unknown
    • 151.101.2.137
  http://898.tv/Lantekqs | malicious | Unknown
    • 151.101.194.137
  P0HV8mjHS1.exe | malicious | Credential Flusher
    • 151.101.65.91
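The correlation tables above list, per ASN, other samples that contacted the same IP addresses. When pivoting on them, an analyst wants two things the flat listing does not give directly: which IPs are shared by several distinct samples, and whether the ASN is shared CDN or cloud infrastructure, where overlap means little (the Credential Flusher samples here all reach the same Google and Fastly front ends, consistent with the family opening a browser to a legitimate login page rather than a C2). The script below is an added example and is not part of the Joe Sandbox report: it parses a constructed, hand-delimited excerpt of the rows on this page, indexes them by IP, and ranks the shared IPs. The SHARED_INFRA list and the three confidence levels are assumptions of the example, and the first five rows deliberately carry no ASN because that match group's label is not shown on this page.

```python
"""Pivot shared IPs out of Joe Sandbox 'Similar ASN / IP' correlation rows.

Added example; this is not Joe Sandbox code. ROWS is a constructed excerpt of
this report's correlation tables, hand-delimited with '|' (the report itself
runs the cells together). A match group (an ASN name) is followed by
'sample | detection | threat name' rows, each followed by one or more
'• ip' bullets, which is how the report lays the context column out.
"""
import re

# Assumption for this example: an IP in one of these ASNs usually belongs to a
# CDN or cloud front end that many unrelated samples reach, so overlap there is
# a weak pivot and is reported with low confidence.
SHARED_INFRA = ("GOOGLE", "FASTLY", "CLOUDFLARE", "AKAMAI", "AMAZON", "MICROSOFT")

# Constructed from rows on this page. The first five rows belong to a match
# group whose label is not shown on the page, so they carry no ASN.
ROWS = """
P0HV8mjHS1.exe | malicious | Credential Flusher
• 104.244.42.193
mdPov8VTwi.exe | malicious | Credential Flusher
• 104.244.42.65
mdPov8VTwi.exe | malicious | Credential Flusher
• 104.244.42.65
nmy4mJXEaz.exe | malicious | Credential Flusher
• 104.244.42.65
6eftz6UKDm.exe | malicious | Credential Flusher
• 104.244.42.65
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG
LbgqLv7gT7.exe | malicious | Credential Flusher
• 34.117.188.166
file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar
• 34.117.188.166
P0HV8mjHS1.exe | malicious | Credential Flusher
• 34.117.188.166
ATGS-MMD-ASUS
LbgqLv7gT7.exe | malicious | Credential Flusher
• 34.160.144.191
mpsl.elf | malicious | Mirai
• 32.173.232.211
FASTLYUS
LbgqLv7gT7.exe | malicious | Credential Flusher
• 151.101.65.91
P0HV8mjHS1.exe | malicious | Credential Flusher
• 151.101.65.91
"""

IP_RE = re.compile(r"^•\s*(\d{1,3}(?:\.\d{1,3}){3})$")
CONFIDENCE_ORDER = {"high": 0, "unknown": 1, "low": 2}


def parse_rows(text):
    """Yield (asn, sample, detection, threat, ip) for every IP bullet.

    asn stays None until the first match-group label is seen, which is the
    situation for rows that continue a group from a previous page.
    """
    asn = row = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = IP_RE.match(line)
        if m:
            if row is None:
                raise ValueError(f"IP bullet before any sample row: {line!r}")
            yield (asn, *row, m.group(1))
        elif "|" in line:
            row = tuple(cell.strip() for cell in line.split("|", 2))
        else:
            asn = line  # no cells and no bullet: a new match group (ASN) starts


def index_by_ip(text):
    """Map each IP to its ASN and the distinct samples and threat names seen with it."""
    idx = {}
    for asn, sample, _detection, threat, ip in parse_rows(text):
        e = idx.setdefault(ip, {"asn": asn, "samples": set(), "threats": set()})
        e["samples"].add(sample)  # the report lists some samples twice; sets dedupe
        e["threats"].update(t.strip() for t in threat.split(",") if t.strip())
    return idx


def pivot_confidence(asn):
    """'unknown' with no ASN, 'low' for shared CDN/cloud ASNs, 'high' otherwise."""
    if not asn:
        return "unknown"
    return "low" if any(k in asn.upper() for k in SHARED_INFRA) else "high"


def rank_pivots(idx, min_samples=2):
    """IPs contacted by at least min_samples distinct samples, strongest pivot first."""
    out = [
        {"ip": ip, "asn": e["asn"], "samples": len(e["samples"]),
         "threats": sorted(e["threats"]), "confidence": pivot_confidence(e["asn"])}
        for ip, e in idx.items() if len(e["samples"]) >= min_samples
    ]
    out.sort(key=lambda r: (CONFIDENCE_ORDER[r["confidence"]], -r["samples"], r["ip"]))
    return out


if __name__ == "__main__":
    for r in rank_pivots(index_by_ip(ROWS)):
        print(f"{r['ip']:<16} {r['confidence']:<8} {r['samples']} samples  "
              f"{r['asn'] or '(ASN not shown)'}")
```

On this excerpt the only IPs shared by two or more distinct samples are 104.244.42.65 (three samples, ASN not visible on the page, so its confidence is left unknown rather than guessed), 34.117.188.166 (three samples, Google) and 151.101.65.91 (two samples, Fastly); the Mirai rows each have a unique IP and do not rank. The block assumes the analyst has already pasted the rows into the '|' layout; the live report's "Get hash" and "Browse" link texts carry no data and are omitted.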
Match | Associated Sample Name / URL | Detection | Threat Name | Context
fb0aa01abe9d8e4037eb3473ca6e2dca
  LbgqLv7gT7.exe | malicious | Credential Flusher
    • 35.244.181.201
    • 34.149.100.209
    • 34.160.144.191
    • 151.101.129.91
    • 34.120.208.123
  LbgqLv7gT7.exe | malicious | Credential Flusher
    • 35.244.181.201
    • 34.149.100.209
    • 34.160.144.191
    • 151.101.129.91
    • 34.120.208.123
  file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar
    • 35.244.181.201
    • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  P0HV8mjHS1.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  P0HV8mjHS1.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  mdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  mdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  nmy4mJXEaz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | LbgqLv7gT7.exe | Get hash | malicious | Credential Flusher | Browse |
 | LbgqLv7gT7.exe | Get hash | malicious | Credential Flusher | Browse |
 | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse |
 | P0HV8mjHS1.exe | Get hash | malicious | Credential Flusher | Browse |
 | mdPov8VTwi.exe | Get hash | malicious | Credential Flusher | Browse |
 | mdPov8VTwi.exe | Get hash | malicious | Credential Flusher | Browse |
 | nmy4mJXEaz.exe | Get hash | malicious | Credential Flusher | Browse |
 | 6eftz6UKDm.exe | Get hash | malicious | Credential Flusher | Browse |
 | nmy4mJXEaz.exe | Get hash | malicious | Credential Flusher | Browse |
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 7813
Entropy (8bit): 5.177593728003865
Encrypted: false
SSDEEP: 192:BEKMXaEPcbhbVbTbfbRbObtbyEl7ncrLJA6wnSrDtTkd/SC:6PHcNhnzFSJ8rCjnSrDhkd/H
MD5: 000FEAE3EF93916CF0EE53B6132B6B53
SHA1: 1B53FD0FFFCB744CEAD803F907FDD020F8DCBC18
SHA-256: 47FB4FD4E485BA44E176B64F49C6C8767ED73BDD802332CDD3B08346C30B0301
SHA-512: D4689C09E622B6AC8B418441CED28709EF36F298C6C7612DE176FD9215528772F8C029C0EBCF8D6AF782D807DBCA92025C2DFDC09BDE0DE00A68B862C1B4E72D
Malicious: false
Preview: {"type":"uninstall","id":"c017c5f1-2e98-44dd-92b3-bf7c58bea326","creationDate":"2024-12-16T14:24:55.396Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 7813
Entropy (8bit): 5.177593728003865
Encrypted: false
SSDEEP: 192:BEKMXaEPcbhbVbTbfbRbObtbyEl7ncrLJA6wnSrDtTkd/SC:6PHcNhnzFSJ8rCjnSrDhkd/H
MD5: 000FEAE3EF93916CF0EE53B6132B6B53
SHA1: 1B53FD0FFFCB744CEAD803F907FDD020F8DCBC18
SHA-256: 47FB4FD4E485BA44E176B64F49C6C8767ED73BDD802332CDD3B08346C30B0301
SHA-512: D4689C09E622B6AC8B418441CED28709EF36F298C6C7612DE176FD9215528772F8C029C0EBCF8D6AF782D807DBCA92025C2DFDC09BDE0DE00A68B862C1B4E72D
Malicious: false
Preview: {"type":"uninstall","id":"c017c5f1-2e98-44dd-92b3-bf7c58bea326","creationDate":"2024-12-16T14:24:55.396Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
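The associated-sample rows above are only useful as IOCs once the sample name, verdict, threat name and contacted IPs are pulled apart, and the dropped-file records are only trustworthy once the hash and entropy fields can be recomputed from the bytes on disk. The following Python is an added example, not part of the Joe Sandbox report: it parses a few rows constructed in the same flattened shape the report uses, finds the IPs shared by every sample, and recomputes the size, 8-bit entropy and MD5/SHA1/SHA-256/SHA-512 fields for an arbitrary byte string. The row regexes, the constructed input and the 7.5 bits/byte "likely encrypted" threshold are assumptions of this example, not rules the sandbox documents.

```python
"""Parse flattened Joe Sandbox rows into IOCs and recompute dropped-file fields."""
import hashlib
import math
import re
from collections import Counter

# Constructed input for this example: rows copied in the flattened shape the
# report uses (sample name, "Get hash" link, verdict, threat name, "Browse"
# link, then one bullet per contacted IP).
ASSOCIATED_SAMPLES_TEXT = """\
LbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
• 35.244.181.201
• 34.149.100.209
file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
• 35.244.181.201
• 151.101.129.91
"""

# Assumed row layout: <name>Get hash<verdict><threat>Browse
ROW_RE = re.compile(
    r"^(?P<sample>\S+?)Get hash(?P<verdict>malicious|suspicious|clean)(?P<threat>.*?)Browse$"
)
IP_RE = re.compile(r"^•\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})$")


def parse_associated_samples(text: str) -> list[dict]:
    """Turn the flattened rows into one dict per sample with its IP list."""
    rows: list[dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m:
            rows.append({"sample": m["sample"], "verdict": m["verdict"],
                         "threat": m["threat"], "ips": []})
            continue
        m = IP_RE.match(line)
        if m and rows:  # bullet lines belong to the most recent sample row
            rows[-1]["ips"].append(m["ip"])
    return rows


def shared_ips(rows: list[dict]) -> list[str]:
    """IPs contacted by every sample: the infrastructure worth pivoting on."""
    sets = [set(r["ips"]) for r in rows]
    return sorted(set.intersection(*sets)) if sets else []


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant file, 8.0 for
    uniformly distributed bytes. This is the quantity the report labels
    'Entropy (8bit)'."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def describe_dropped_file(data: bytes, threshold: float = 7.5) -> dict:
    """Recompute the hash and entropy fields shown for each dropped file.
    'likely_encrypted' uses an assumed 7.5 bits/byte threshold (this
    example's heuristic, not the sandbox's 'Encrypted' rule)."""
    ent = shannon_entropy_8bit(data)
    return {
        "size": len(data),
        "entropy": ent,
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
        "likely_encrypted": ent >= threshold,
    }


if __name__ == "__main__":
    rows = parse_associated_samples(ASSOCIATED_SAMPLES_TEXT)
    for r in rows:
        print(r["sample"], r["verdict"], r["threat"], r["ips"])
    print("shared:", shared_ips(rows))
    # Constructed placeholder bytes; point this at a real dropped file to
    # compare against the report's MD5/SHA fields.
    print(describe_dropped_file(b'{"type":"uninstall"}'))
```

Feed a dropped file's bytes to `describe_dropped_file` and compare the MD5 and SHA-256 with the record above before treating the file as the same artifact; an entropy near 8.0 on a file the report marks `Encrypted: false` is worth a second look, since packed or encrypted payloads sit close to that ceiling.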

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:MS Windows icon resource - 1 icon, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 24 bits/pixel
Category:modified
Size (bytes):490
Entropy (8bit):7.246483341090937
Encrypted:false
SSDEEP:12:l8v/7J2T+gwjz+vdzLSMO9mj253UT3BcHXhJo:82CgwS//O91iT3BUXh6
MD5:BD9751DFFFEFFA2154CC5913489ED58C
SHA1:1C9230053C45CA44883103A6ACFDF49AC53ABF45
SHA-256:834C4F18E96CFDAA395246183DE76032F1B77886764CEEBE52F6A146FA4D4C3B
SHA-512:01072F60F4B2489BB84639A6179A82A3EA90A31C1AD61D30EF27800C3114DB5E45662583E1C0B5382F51635DC14372EFC71DCD069999D6B21A5D256C70697790
Malicious:false
Preview:.......................PNG........IHDR................a....IDAT8O...1P......p....d1.....v)......p.nXM.t.H.(.......B$..}_G.{.......:uN...=......s|.$...`0.....dl6.>>>p.\.v;z.......F.a:.2..D.V.....V..n...g.z.X..C...v.......=.H..d..P*...i.."...X,.B...h...xyy.V....I$..J%r....6....Z-:...P..J..........|>'...P.\&.....l6....N5...Z.x<.....h.z..'@...L&.F..'.Jq<...m6.OOO.....$..r:.......v..V..ze.\.p.R..t.Z.....r...B...3.B..0...T*E".p8.D0..`2.D.j...h..n...wF...........#......O....IEND.B`.

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:dropped
Size (bytes):32768
Entropy (8bit):0.4593089050301797
Encrypted:false
SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:D910AD167F0217587501FDCDB33CC544
SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:false
Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):453023
Entropy (8bit):7.997718157581587
Encrypted:true
SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
MD5:85430BAED3398695717B0263807CF97C
SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious:false
Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):5488
Entropy (8bit):3.3027080754286393
Encrypted:false
SSDEEP:24:RMdf2WABTIUx2dWoM15uLN8zmKMdf2WABswM+bpoqdWoM15uLFX1RgmEMdf2WABg:RMd+GUgdw7zDMd+W6BdwddMd+Wadw/1
MD5:92BE96D213422EE053B8AF2410EFE7A3
SHA1:8CB3D0EE1BC4542327AE59AD97EC4F0FB0B90846
SHA-256:9F0BDA2303EE1D60F43649E44244A5867ACCA19B5CFAED9DFB48F0C7226846A7
SHA-512:15CFBB9B3553FAC37B2A9A9EE14913A32CE53D8583AEC2B3475755D927A5787248F3D7AB2BC7454926B467E707D4691935FFBDBBB39FFA354A82C6B4C8570854
Malicious:false
Preview:...................................FL..................F.@.. ...p.......r..b.O..........S...........................P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.f....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.Y.f............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.Y.f..............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z.............6.....C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):5488
Entropy (8bit):3.3027080754286393
Encrypted:false
SSDEEP:24:RMdf2WABTIUx2dWoM15uLN8zmKMdf2WABswM+bpoqdWoM15uLFX1RgmEMdf2WABg:RMd+GUgdw7zDMd+W6BdwddMd+Wadw/1
MD5:92BE96D213422EE053B8AF2410EFE7A3
SHA1:8CB3D0EE1BC4542327AE59AD97EC4F0FB0B90846
SHA-256:9F0BDA2303EE1D60F43649E44244A5867ACCA19B5CFAED9DFB48F0C7226846A7
SHA-512:15CFBB9B3553FAC37B2A9A9EE14913A32CE53D8583AEC2B3475755D927A5787248F3D7AB2BC7454926B467E707D4691935FFBDBBB39FFA354A82C6B4C8570854
Malicious:false
Preview:...................................FL..................F.@.. ...p.......r..b.O..........S...........................P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.f....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.Y.f............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.Y.f..............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z.............6.....C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):5488
Entropy (8bit):3.3027080754286393
Encrypted:false
SSDEEP:24:RMdf2WABTIUx2dWoM15uLN8zmKMdf2WABswM+bpoqdWoM15uLFX1RgmEMdf2WABg:RMd+GUgdw7zDMd+W6BdwddMd+Wadw/1
MD5:92BE96D213422EE053B8AF2410EFE7A3
SHA1:8CB3D0EE1BC4542327AE59AD97EC4F0FB0B90846
SHA-256:9F0BDA2303EE1D60F43649E44244A5867ACCA19B5CFAED9DFB48F0C7226846A7
SHA-512:15CFBB9B3553FAC37B2A9A9EE14913A32CE53D8583AEC2B3475755D927A5787248F3D7AB2BC7454926B467E707D4691935FFBDBBB39FFA354A82C6B4C8570854
Malicious:false
Preview:...................................FL..................F.@.. ...p.......r..b.O..........S...........................P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.f....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.Y.f............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.Y.f..............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z.............6.....C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):5488
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.3027080754286393
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:RMdf2WABTIUx2dWoM15uLN8zmKMdf2WABswM+bpoqdWoM15uLFX1RgmEMdf2WABg:RMd+GUgdw7zDMd+W6BdwddMd+Wadw/1
                                                                                                                                                                                                                                                                                                                                                    MD5:92BE96D213422EE053B8AF2410EFE7A3
                                                                                                                                                                                                                                                                                                                                                    SHA1:8CB3D0EE1BC4542327AE59AD97EC4F0FB0B90846
                                                                                                                                                                                                                                                                                                                                                    SHA-256:9F0BDA2303EE1D60F43649E44244A5867ACCA19B5CFAED9DFB48F0C7226846A7
                                                                                                                                                                                                                                                                                                                                                    SHA-512:15CFBB9B3553FAC37B2A9A9EE14913A32CE53D8583AEC2B3475755D927A5787248F3D7AB2BC7454926B467E707D4691935FFBDBBB39FFA354A82C6B4C8570854
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:...................................FL..................F.@.. ...p.......r..b.O..........S...........................P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.f....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.Y.f............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.Y.f..............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z.............6.....C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):3621
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.923301593841673
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:48:YnSwkmrOVPUFRbOdwNIOdoWLEWLtkDZuwpx5FBvipA6kb92the6LuhakNQ9Yxeln:8S+OVPUFRbOdwNIOdYpjvY1Q6Lfq8P
                                                                                                                                                                                                                                                                                                                                                    MD5:A64ED7A8EF51380020FF242CB46B88BB
                                                                                                                                                                                                                                                                                                                                                    SHA1:1EF8315BA488FBF35B911AB8C618A15890CC4552
                                                                                                                                                                                                                                                                                                                                                    SHA-256:0B4776DB41B6C8B75673CF54D224AE041141996AFE8737CE2238E55057A44489
                                                                                                                                                                                                                                                                                                                                                    SHA-512:EF1AA9594913A2B5BD222CAA647C6395AEC46D8D1F5BB40EFAD50BFD5C9BBBB96B4F496082760B193D3EE62C423171C8AB7A1F864B6D3D1368929F17337C29E9
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-04T13:40:33.697Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):3621
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.923301593841673
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:48:YnSwkmrOVPUFRbOdwNIOdoWLEWLtkDZuwpx5FBvipA6kb92the6LuhakNQ9Yxeln:8S+OVPUFRbOdwNIOdYpjvY1Q6Lfq8P
                                                                                                                                                                                                                                                                                                                                                    MD5:A64ED7A8EF51380020FF242CB46B88BB
                                                                                                                                                                                                                                                                                                                                                    SHA1:1EF8315BA488FBF35B911AB8C618A15890CC4552
                                                                                                                                                                                                                                                                                                                                                    SHA-256:0B4776DB41B6C8B75673CF54D224AE041141996AFE8737CE2238E55057A44489
                                                                                                                                                                                                                                                                                                                                                    SHA-512:EF1AA9594913A2B5BD222CAA647C6395AEC46D8D1F5BB40EFAD50BFD5C9BBBB96B4F496082760B193D3EE62C423171C8AB7A1F864B6D3D1368929F17337C29E9
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-04T13:40:33.697Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 22422 bytes
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):5308
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.599374203470186
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm
                                                                                                                                                                                                                                                                                                                                                    MD5:EB56C2F4DA9435F3D5574161F414CD17
                                                                                                                                                                                                                                                                                                                                                    SHA1:74A8FC3EC0559740FD9D835B638354985E2DEAB6
                                                                                                                                                                                                                                                                                                                                                    SHA-256:394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
                                                                                                                                                                                                                                                                                                                                                    SHA-512:DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40..W....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 22422 bytes
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):5308
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.599374203470186
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm
                                                                                                                                                                                                                                                                                                                                                    MD5:EB56C2F4DA9435F3D5574161F414CD17
                                                                                                                                                                                                                                                                                                                                                    SHA1:74A8FC3EC0559740FD9D835B638354985E2DEAB6
                                                                                                                                                                                                                                                                                                                                                    SHA-256:394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
                                                                                                                                                                                                                                                                                                                                                    SHA-512:DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40..W....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
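The two entries above are flagged by the sandbox as "Mozilla lz4 compressed data" and their preview starts with the mozLz40 magic, so the JSON inside (Firefox profile state written by firefox.exe after the sample launched the browser) is only readable once decompressed. The following is an added example, not part of the Joe Sandbox report, of a dependency-free decoder for that container: an 8-byte magic b"mozLz40\0", a 4-byte little-endian decompressed size, then one raw LZ4 block. The decoder treats the size field as untrusted (a forged file should not be able to drive unbounded allocation) and refuses output that does not match the declared length. The sample blob at the bottom is constructed for the demonstration and is not the file from the report.

```python
"""Decode a Firefox "mozLz4" file (the format Joe Sandbox labels
"Mozilla lz4 compressed data") using only the standard library.

Layout: 8-byte magic b"mozLz40\\0", 4-byte little-endian decompressed
size, then a single raw LZ4 block (no frame header, no checksum)."""
import json
import struct

MOZLZ4_MAGIC = b"mozLz40\0"
MAX_DECOMPRESSED = 64 * 1024 * 1024  # cap so a forged size field cannot exhaust memory


def _read_varlen(data: bytes, pos: int, base: int) -> tuple:
    """LZ4 length extension: a nibble of 15 is followed by bytes added until one is < 255."""
    length = base
    if base == 15:
        while True:
            b = data[pos]
            pos += 1
            length += b
            if b != 255:
                break
    return length, pos


def lz4_block_decompress(src: bytes, expected_size: int) -> bytes:
    """Decompress one raw LZ4 block; raises ValueError on malformed input."""
    out = bytearray()
    pos, n = 0, len(src)
    while pos < n:
        token = src[pos]
        pos += 1
        lit_len, pos = _read_varlen(src, pos, token >> 4)
        if pos + lit_len > n:
            raise ValueError("literal run exceeds input")
        out += src[pos:pos + lit_len]
        pos += lit_len
        if pos >= n:
            break  # the final sequence carries literals only, no match
        if pos + 2 > n:
            raise ValueError("truncated match offset")
        offset = struct.unpack_from("<H", src, pos)[0]
        pos += 2
        if offset == 0 or offset > len(out):
            raise ValueError("match offset points outside the output produced so far")
        match_len, pos = _read_varlen(src, pos, token & 0x0F)
        match_len += 4  # LZ4 minimum match length
        if len(out) + match_len > MAX_DECOMPRESSED:
            raise ValueError("output exceeds cap")
        start = len(out) - offset
        for i in range(match_len):  # byte-wise copy so overlapping matches (offset < length) work
            out.append(out[start + i])
    if len(out) != expected_size:
        raise ValueError(f"size mismatch: header says {expected_size}, got {len(out)}")
    return bytes(out)


def mozlz4_decode(blob: bytes) -> bytes:
    """Strip the mozLz4 header and return the decompressed payload."""
    if not blob.startswith(MOZLZ4_MAGIC):
        raise ValueError("not a mozLz4 file")
    declared = struct.unpack_from("<I", blob, len(MOZLZ4_MAGIC))[0]
    if declared > MAX_DECOMPRESSED:
        raise ValueError("declared size too large")
    return lz4_block_decompress(blob[len(MOZLZ4_MAGIC) + 4:], declared)


def mozlz4_load_json(blob: bytes):
    """Most mozLz4 files in a Firefox profile hold JSON; parse it."""
    return json.loads(mozlz4_decode(blob).decode("utf-8"))


# Constructed sample (not from the report): one literal run of 10 bytes,
# a back-reference of offset 10 / length 10, then a 3-byte literal tail.
SAMPLE_PLAIN = b'{"addons":{"addons":1}}'
SAMPLE_BLOCK = b"\xa6" + b'{"addons":' + b"\x0a\x00" + b"\x30" + b"1}}"
SAMPLE_MOZLZ4 = MOZLZ4_MAGIC + struct.pack("<I", len(SAMPLE_PLAIN)) + SAMPLE_BLOCK

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_MOZLZ4
    print(json.dumps(mozlz4_load_json(data), indent=2)[:2000])
```

Run it with the path of a dropped .lz4 file as the only argument to dump the first part of the decoded JSON; with no argument it decodes the constructed sample. For the files listed above the header should declare 22422 bytes, matching the "originally 22422 bytes" the sandbox reports; a mismatch there is worth noting in the investigation, since a credential-stealing or browser-tampering sample may rewrite profile files.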
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                    MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                    SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                    SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                    SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                    MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                    SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                    SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                    SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                    MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                                                                                                    SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                                                                                                    SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                                                                                                    SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                    MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                    SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                    SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                    SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                    MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                    SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                    SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                    SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.1867463390487
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
                                                                                                                                                                                                                                                                                                                                                    MD5:98875950B62B398FFE70C0A8D0998017
                                                                                                                                                                                                                                                                                                                                                    SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
                                                                                                                                                                                                                                                                                                                                                    SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
                                                                                                                                                                                                                                                                                                                                                    SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.1867463390487
Encrypted:false
SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
MD5:98875950B62B398FFE70C0A8D0998017
SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:false
Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: LbgqLv7gT7.exe, Detection: malicious
• Filename: LbgqLv7gT7.exe, Detection: malicious
• Filename: P0HV8mjHS1.exe, Detection: malicious
• Filename: P0HV8mjHS1.exe, Detection: malicious
• Filename: mdPov8VTwi.exe, Detection: malicious
• Filename: mdPov8VTwi.exe, Detection: malicious
• Filename: nmy4mJXEaz.exe, Detection: malicious
• Filename: 6eftz6UKDm.exe, Detection: malicious
• Filename: nmy4mJXEaz.exe, Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text
Category:dropped
Size (bytes):116
Entropy (8bit):4.968220104601006
Encrypted:false
SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:3D33CDC0B3D281E67DD52E14435DD04F
SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:false
Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                    MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                    SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                    SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                    SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):98304
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.07329954544034102
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkiaC:DLhesh7Owd4+jiaC
                                                                                                                                                                                                                                                                                                                                                    MD5:2468A31A4744B99F68A4401781DB564D
                                                                                                                                                                                                                                                                                                                                                    SHA1:7971BDBCFCCD0E5A8DC148CC204AC38E61072D32
                                                                                                                                                                                                                                                                                                                                                    SHA-256:E5BCDC027E76D0B57CD0F109AC7F528C017E27CB380D008DC5D67874C29D1B5B
                                                                                                                                                                                                                                                                                                                                                    SHA-512:D7D34FF2F97D90A007411D2D393FC0B2C4686AE17D77C7008A930BCF76B4E88D9DE6DD86DB686E9E5E191DD209365C5B0D7874839F27F381BC4F095F2D71E8D7
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.03948115564331722
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:GHlhVItWkItRTAHI1lhVItWkItRTYlllllol8a9//Ylll4llqlyllel4lt:G7VItWzzs+VItWzz0/OL9XIwlio
                                                                                                                                                                                                                                                                                                                                                    MD5:77687DCA3702A0BEB1545A091A91AE6D
                                                                                                                                                                                                                                                                                                                                                    SHA1:D30972D1605E49E7951282668B7FC1F9959F9FB3
                                                                                                                                                                                                                                                                                                                                                    SHA-256:26C82B2E4057D1117CC366BF8AF4ED275589DD102AD4FB66124E78D2E5548BE9
                                                                                                                                                                                                                                                                                                                                                    SHA-512:FA6EC4E4935877605B05F8AF2323B029D021CD698BAC4CE5A3FFAE10DC24E3B76EF2FAD684E24F817DC9FF37BB1002985F9D890DA696E3F2D99D4B3AF9460AD9
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:..-.......................I..s..k.@.w.(....[$L..-.......................I..s..k.@.w.(....[$L........................................................'...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):163992
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.13354454495997298
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:KYfk5eLxsZ+GAh2zxsMlCXsMzqCFZ7pCF6C5WUCuSCCQE/HaaKCc7RCGOxsaD2Z7:bM5CQrAh2VJCXs4qLWeJa1VyinZk
                                                                                                                                                                                                                                                                                                                                                    MD5:BD83A76926210E137C97E33E9842E22F
                                                                                                                                                                                                                                                                                                                                                    SHA1:B91F2130D4A2B30227519451F22AAEB56B05DBB8
                                                                                                                                                                                                                                                                                                                                                    SHA-256:8A1F23D77CC0EBEF89B7A15F83EEE3FD653744CFBD08FB59859FDFB0B8242D5E
                                                                                                                                                                                                                                                                                                                                                    SHA-512:4D562CC5BD53B13317F9F87302921CBA8984ABC10091E24BF947F4B24821062C62617C8D1B64C09882BC570C2890CB09F64E09FC958B12681E706CFFE346A7D0
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:7....-..........k.@.w.(...1~...........k.@.w.(.595Qr...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):13187
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.478455777586846
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:192:onPOeRnLYbBp6SJ0aX+e6SEXKEPNXV5RHWNBw8dFSl:SDejJUF5FxHEwK0
                                                                                                                                                                                                                                                                                                                                                    MD5:F0A76089E90C8CEFB4F3A22B65272ABF
                                                                                                                                                                                                                                                                                                                                                    SHA1:8746F32280CFA08E4F720AE1C38BA9D5B866A168
                                                                                                                                                                                                                                                                                                                                                    SHA-256:16EDC86FFC48E02B91FB4D02BC7D6C1E8288672C519FF9D7DB0E3EC75603C073
                                                                                                                                                                                                                                                                                                                                                    SHA-512:57BBE99B509988EA6514FA87FEDE74059E6B0B3DCC05B109D8016288B3D2B28E4066291CBD92B3A210D87882206D1257F85A6EB1916D9EB8AAB67BB8E4A72D0D
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
Preview: // Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734359065);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734359065);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734359065);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173435

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: ASCII text, with very long lines (1743), with CRLF line terminators
Category: dropped
Size (bytes): 13187
Entropy (8bit): 5.478455777586846
Encrypted: false
SSDEEP: 192:onPOeRnLYbBp6SJ0aX+e6SEXKEPNXV5RHWNBw8dFSl:SDejJUF5FxHEwK0
MD5: F0A76089E90C8CEFB4F3A22B65272ABF
SHA1: 8746F32280CFA08E4F720AE1C38BA9D5B866A168
SHA-256: 16EDC86FFC48E02B91FB4D02BC7D6C1E8288672C519FF9D7DB0E3EC75603C073
SHA-512: 57BBE99B509988EA6514FA87FEDE74059E6B0B3DCC05B109D8016288B3D2B28E4066291CBD92B3A210D87882206D1257F85A6EB1916D9EB8AAB67BB8E4A72D0D
Malicious: false
Preview: // Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734359065);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734359065);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734359065);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173435

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
Category: dropped
Size (bytes): 65536
Entropy (8bit): 0.04062825861060003
Encrypted: false
SSDEEP: 3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
MD5: 60C09456D6362C6FBED48C69AA342C3C
SHA1: 58B6E22DAA48C75958B429F662DEC1C011AE74D3
SHA-256: FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
SHA-512: 936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
Malicious: false
Preview: SQLite format 3......@ ..........................................................................j.......x..x.......... (remainder of preview is null padding)

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 90
Entropy (8bit): 4.194538242412464
Encrypted: false
SSDEEP: 3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5: C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1: 5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256: 00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512: 71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious: false
Preview: {"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 90
Entropy (8bit): 4.194538242412464
Encrypted: false
SSDEEP: 3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5: C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1: 5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256: 00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512: 71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious: false
Preview: {"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: Mozilla lz4 compressed data, originally 5861 bytes
Category: dropped
Size (bytes): 1564
Entropy (8bit): 6.340944104123521
Encrypted: false
SSDEEP: 24:v+USUGlcAxSxuLXnIrC/pnxQwRcrT5sKmgbGU3eHVpj5amhujJwO2c0TiVm0BtFV:GUpOxguLnRchegiU3erj54Jwc3zBtT
MD5: 53B7CAE974A101C96DFA8D08CA8225D6
SHA1: A30D1819C4150C37BC36FC35E90E9CDA84389AF5
SHA-256: 00B6BB0C10A49C70AD496A9B120A6AF0395E50DC217DEBB25FBFA6AA1351F188
SHA-512: FDC1E50E0B3BB109A59CEF48EE58B2561DDC04A9DA17F70EDC68AD5A6D6D305D7C2D5375DDF787FBF03113D036A84A5047233D28958F9DB51D79ECBE37D0316B
Malicious: false
Preview: mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":7,"docshellUU...D"{976e328e-dbae-459a-bd90-91b3069fc812}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":8,"persistK..+}],"lastAccessed":1734359071034,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2150633470...dth":116....eight":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...98952893-68ff-4a5d-a164-705c709ed3db","zD..1...Wm..l........j..:....1":{..mUpdate...startTim..P35404...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...'b03116d8508741e1c0453eca6046028f71c7c2b904be5e0a0d4686...b1764f","pa..p"/","na..a"taarI|.Tecure2..httponly..fexpiry...40576,"originA...."firs

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: Mozilla lz4 compressed data, originally 5861 bytes
Category: dropped
Size (bytes): 1564
Entropy (8bit): 6.340944104123521
Encrypted: false
SSDEEP: 24:v+USUGlcAxSxuLXnIrC/pnxQwRcrT5sKmgbGU3eHVpj5amhujJwO2c0TiVm0BtFV:GUpOxguLnRchegiU3erj54Jwc3zBtT
MD5: 53B7CAE974A101C96DFA8D08CA8225D6
SHA1: A30D1819C4150C37BC36FC35E90E9CDA84389AF5
SHA-256: 00B6BB0C10A49C70AD496A9B120A6AF0395E50DC217DEBB25FBFA6AA1351F188
SHA-512: FDC1E50E0B3BB109A59CEF48EE58B2561DDC04A9DA17F70EDC68AD5A6D6D305D7C2D5375DDF787FBF03113D036A84A5047233D28958F9DB51D79ECBE37D0316B
Malicious: false
Preview: mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":7,"docshellUU...D"{976e328e-dbae-459a-bd90-91b3069fc812}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":8,"persistK..+}],"lastAccessed":1734359071034,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2150633470...dth":116....eight":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...98952893-68ff-4a5d-a164-705c709ed3db","zD..1...Wm..l........j..:....1":{..mUpdate...startTim..P35404...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...'b03116d8508741e1c0453eca6046028f71c7c2b904be5e0a0d4686...b1764f","pa..p"/","na..a"taarI|.Tecure2..httponly..fexpiry...40576,"originA...."firs

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1564
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.340944104123521
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:v+USUGlcAxSxuLXnIrC/pnxQwRcrT5sKmgbGU3eHVpj5amhujJwO2c0TiVm0BtFV:GUpOxguLnRchegiU3erj54Jwc3zBtT
                                                                                                                                                                                                                                                                                                                                                    MD5:53B7CAE974A101C96DFA8D08CA8225D6
                                                                                                                                                                                                                                                                                                                                                    SHA1:A30D1819C4150C37BC36FC35E90E9CDA84389AF5
                                                                                                                                                                                                                                                                                                                                                    SHA-256:00B6BB0C10A49C70AD496A9B120A6AF0395E50DC217DEBB25FBFA6AA1351F188
                                                                                                                                                                                                                                                                                                                                                    SHA-512:FDC1E50E0B3BB109A59CEF48EE58B2561DDC04A9DA17F70EDC68AD5A6D6D305D7C2D5375DDF787FBF03113D036A84A5047233D28958F9DB51D79ECBE37D0316B
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":7,"docshellUU...D"{976e328e-dbae-459a-bd90-91b3069fc812}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":8,"persistK..+}],"lastAccessed":1734359071034,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2150633470...dth":116....eight":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...98952893-68ff-4a5d-a164-705c709ed3db","zD..1...Wm..l........j..:....1":{..mUpdate...startTim..P35404...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...'b03116d8508741e1c0453eca6046028f71c7c2b904be5e0a0d4686...b1764f","pa..p"/","na..a"taarI|.Tecure2..httponly..fexpiry...40576,"originA...."firs
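The "Mozilla lz4 compressed data, originally 5861 bytes" type above is Firefox's mozLz4 container: an 8-byte magic, a 4-byte little-endian decompressed size (the "originally N bytes"), then one raw LZ4 block holding the session-store JSON. The preview shows why that file matters for a credential-flushing sample: the single recorded tab entry points at a Google sign-in password-challenge URL. The script below is an added example, not code from the report or from Firefox; it decodes the container with a pure-Python LZ4 block decoder (no third-party lz4 module needed) and walks the session JSON for tab URLs. The session payload and the hand-built LZ4 block are constructed test inputs, not the dropped file itself.

```python
"""Read Firefox mozLz4 session-store files (recovery.jsonlz4 / recovery.baklz4).

Layout: magic b"mozLz40\\0", u32 LE decompressed size, then one raw LZ4 block.
"""
import json
import struct

MAGIC = b"mozLz40\x00"
MIN_MATCH = 4  # LZ4 encodes match length minus 4 in the token's low nibble


def lz4_block_decompress(src, expected_size):
    """Decode one raw LZ4 block: repeated [token][literals][offset][match]."""
    out = bytearray()
    i, n = 0, len(src)
    try:
        while i < n:
            token = src[i]
            i += 1
            lit_len = token >> 4
            if lit_len == 15:                      # extended literal length
                while True:
                    b = src[i]
                    i += 1
                    lit_len += b
                    if b != 255:
                        break
            if i + lit_len > n:
                raise ValueError("truncated literal run")
            out += src[i:i + lit_len]
            i += lit_len
            if i >= n:                             # final sequence carries no match
                break
            offset = struct.unpack_from("<H", src, i)[0]
            i += 2
            if offset == 0 or offset > len(out):
                raise ValueError("match offset points outside output")
            match_len = (token & 0x0F) + MIN_MATCH
            if (token & 0x0F) == 15:               # extended match length
                while True:
                    b = src[i]
                    i += 1
                    match_len += b
                    if b != 255:
                        break
            start = len(out) - offset
            for k in range(match_len):             # byte-wise copy: overlap is legal in LZ4
                out.append(out[start + k])
    except (IndexError, struct.error):
        raise ValueError("truncated LZ4 block") from None
    if len(out) != expected_size:
        raise ValueError(f"size mismatch: header says {expected_size}, got {len(out)}")
    return bytes(out)


def mozlz4_unpack(blob):
    """Validate the mozLz4 header and return the decompressed JSON bytes."""
    if blob[:8] != MAGIC:
        raise ValueError("not a mozLz4 file")
    (size,) = struct.unpack_from("<I", blob, 8)
    return lz4_block_decompress(blob[12:], size)


def mozlz4_pack(data):
    """Wrap data as a literal-only LZ4 block (valid, uncompressed); builds test inputs."""
    n = len(data)
    if n < 15:
        head = bytes([n << 4])
    else:
        rem = n - 15
        head = b"\xF0" + b"\xFF" * (rem // 255) + bytes([rem % 255])
    return MAGIC + struct.pack("<I", n) + head + data


def session_tab_urls(session):
    """Walk windows -> tabs -> entries and collect every recorded URL."""
    urls = []
    for win in session.get("windows", []):
        for tab in win.get("tabs", []):
            for entry in tab.get("entries", []):
                if "url" in entry:
                    urls.append(entry["url"])
    return urls


def urls_from_mozlz4(blob):
    return session_tab_urls(json.loads(mozlz4_unpack(blob).decode("utf-8")))


# Constructed inputs (not the sample's real files). SAMPLE_SESSION mimics the
# shape of recovery.jsonlz4 with one tab parked on a sign-in page; MATCH_BLOB is
# a hand-built block with a real back-reference (offset 4, length 8) so the
# match-copy path is exercised.
SAMPLE_SESSION = {
    "version": ["sessionrestore", 1],
    "windows": [{"tabs": [{"entries": [
        {"url": "https://accounts.example.invalid/v3/signin/challenge/pwd",
         "title": "Sign in"},
    ]}]}],
}
SAMPLE_BLOB = mozlz4_pack(json.dumps(SAMPLE_SESSION).encode("utf-8"))
MATCH_BLOB = MAGIC + struct.pack("<I", 13) + b"\x44abcd\x04\x00" + b"\x10e"

if __name__ == "__main__":
    print(urls_from_mozlz4(SAMPLE_BLOB))
    print(mozlz4_unpack(MATCH_BLOB))
```

The decoder checks the header's size field against what it actually produced and rejects offsets that reach before the start of the output, so a truncated or tampered session file fails loudly instead of yielding partial JSON. Run it against a real profile's sessionstore-backups/recovery.jsonlz4 to see which login page a flusher parked the browser on.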
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
Category: dropped
Size (bytes): 4096
Entropy (8bit): 2.0836444556178684
Encrypted: false
SSDEEP: 24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
MD5: 8B40B1534FF0F4B533AF767EB5639A05
SHA1: 63EDB539EA39AD09D701A36B535C4C087AE08CC9
SHA-256: AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
SHA-512: 54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
Malicious: false
Preview: SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
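Every value in that File Type line comes from the first 100 bytes of the file, the SQLite 3 header, so it can be recovered even from a carved or partially overwritten database. The preview is consistent with it: after the 16-byte magic come the big-endian page size 0x0200 (512) and the write/read/reserved bytes, and the visible "@" is the 0x40 max-payload-fraction byte at offset 21. The parser below is an added example, not code from the report or from SQLite; it reproduces the type line, recomputes the expected file size (512 pages x 8 = 4096, which matches the reported Size), and flags the one trap in this header: the page count at offset 28 is only authoritative when the change counter (offset 24) equals version-valid-for (offset 92). The header bytes it parses are constructed with the values from this entry, not the dropped file itself.

```python
"""Parse the 100-byte SQLite 3 file header (multi-byte fields are big-endian)."""
import struct

SQLITE_MAGIC = b"SQLite format 3\x00"
ENCODINGS = {1: "UTF-8", 2: "UTF-16le", 3: "UTF-16be"}
# magic, page size, write/read version, reserved bytes, 3 payload fractions,
# 12 u32 fields (offsets 24..71), 20 reserved bytes, version-valid-for,
# SQLITE_VERSION_NUMBER  -> exactly 100 bytes
HEADER = struct.Struct(">16sHBBBBBBIIIIIIIIIIII20sII")


def parse_sqlite_header(blob):
    if len(blob) < HEADER.size or blob[:16] != SQLITE_MAGIC:
        raise ValueError("not an SQLite 3 database")
    f = HEADER.unpack_from(blob, 0)
    page_size = 65536 if f[1] == 1 else f[1]      # the value 1 encodes 65536
    if page_size & (page_size - 1) or not 512 <= page_size <= 65536:
        raise ValueError(f"invalid page size {page_size}")
    info = {
        "page_size": page_size,
        "change_counter": f[8],       # offset 24
        "pages": f[9],                # offset 28
        "schema_cookie": f[12],       # offset 40
        "schema_format": f[13],       # offset 44
        "encoding": ENCODINGS.get(f[16], f"unknown({f[16]})"),  # offset 56
        "user_version": f[17],        # offset 60
        "version_valid_for": f[21],   # offset 92
        "sqlite_version": f[22],      # offset 96
    }
    # The in-header page count is only authoritative when it was written by the
    # transaction that last bumped the change counter; older writers left it stale.
    info["pages_trustworthy"] = info["change_counter"] == info["version_valid_for"]
    return info


def file_type_line(info):
    """Render the same description a file-type scanner prints for the header."""
    return (f"SQLite 3.x database, user version {info['user_version']}, "
            f"last written using SQLite version {info['sqlite_version']}, "
            f"page size {info['page_size']}, file counter {info['change_counter']}, "
            f"database pages {info['pages']}, cookie {info['schema_cookie']:#x}, "
            f"schema {info['schema_format']}, {info['encoding']}, "
            f"version-valid-for {info['version_valid_for']}")


def expected_file_size(info):
    """page_size * pages, or None when the page count cannot be trusted."""
    return info["page_size"] * info["pages"] if info["pages_trustworthy"] else None


def build_header(page_size=512, change_counter=6, pages=8, schema_cookie=4,
                 schema_format=4, encoding=1, user_version=131075,
                 version_valid_for=6, sqlite_version=3042000):
    """Constructed header (not the dropped file); defaults are the values in the report."""
    return HEADER.pack(SQLITE_MAGIC, page_size, 1, 1, 0, 64, 32, 32,
                       change_counter, pages, 0, 0, schema_cookie, schema_format,
                       0, 0, encoding, user_version, 0, 0, b"\x00" * 20,
                       version_valid_for, sqlite_version)


if __name__ == "__main__":
    info = parse_sqlite_header(build_header())
    print(file_type_line(info))
    print("expected size:", expected_file_size(info))
```

When triaging dropped browser databases, compare expected_file_size against the size on disk: a mismatch (or an untrustworthy page count) means the file was truncated, still mid-write, or has a hot journal or WAL that has not been checkpointed, and the content should be read with that in mind.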
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 4537
Entropy (8bit): 5.029851796569231
Encrypted: false
SSDEEP: 96:ycMMTEr5/lLmI2Ac1zzcxvbw6Kkgrc2Rn27:vTEr5NX0z3DhRe
MD5: 27FA34216F51FC5C5D5EFB64AE52B5C1
SHA1: D33B40DABBE1CE29AE802E452EF276F04DE1715C
SHA-256: 2B996FBAFBABE7F3D46042AC64A86FBF05BA89F1D32D96B4A3578BC6042ECE59
SHA-512: DA3598C6B31E91910E88B2E31BFF106574A88FD2E60183264D1C16327581833B7FC95BD0BE97642C870F16EDB38374E4C9E6F5EA9198DE6E872CB79618A77BE8
Malicious: false
Preview: {"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-16T14:24:10.469Z","profileAgeCreated":1696426830133,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 4537
Entropy (8bit): 5.029851796569231
Encrypted: false
SSDEEP: 96:ycMMTEr5/lLmI2Ac1zzcxvbw6Kkgrc2Rn27:vTEr5NX0z3DhRe
MD5: 27FA34216F51FC5C5D5EFB64AE52B5C1
SHA1: D33B40DABBE1CE29AE802E452EF276F04DE1715C
SHA-256: 2B996FBAFBABE7F3D46042AC64A86FBF05BA89F1D32D96B4A3578BC6042ECE59
SHA-512: DA3598C6B31E91910E88B2E31BFF106574A88FD2E60183264D1C16327581833B7FC95BD0BE97642C870F16EDB38374E4C9E6F5EA9198DE6E872CB79618A77BE8
Malicious: false
Preview: {"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-16T14:24:10.469Z","profileAgeCreated":1696426830133,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.6905794819155515
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: fNlxQP0jBz.exe
File size: 964'608 bytes
MD5: 687bbf73e7b900ff5d46c6c2d23c6a40
SHA1: 3525c527942817869fb00ee2a8aa88e78a331f3a
SHA256: 18defb28d0c93edff52a2be5d4317dad26358a689671beda075a36db021f5525
SHA512: d9570e334dfb0eb347539d34a37ed973ec2ef2863d2c9d3a04d1797607f453d2faa0946ba3ba2a8a767dad1f994d1ec093fc2f5ffdc4453dbe57008f8d866c83
SSDEEP: 24576:mqDEvCTbMWu7rQYlBQcBiT6rprG8alKZx:mTvC/MTQYxsWR7alK
TLSH: 25259E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
File Content Preview: MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
Icon Hash: aaf3e3e3938382a0
Entrypoint: 0x420577
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                                                    Time Stamp:0x675FF277 [Mon Dec 16 09:27:19 2024 UTC]
                                                                                                                                                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                                                    OS Version Major:5
                                                                                                                                                                                                                                                                                                                                                    OS Version Minor:1
                                                                                                                                                                                                                                                                                                                                                    File Version Major:5
                                                                                                                                                                                                                                                                                                                                                    File Version Minor:1
                                                                                                                                                                                                                                                                                                                                                    Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                                                                    Subsystem Version Minor:1
                                                                                                                                                                                                                                                                                                                                                    Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                                                                                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                                                                                                                                                    call 00007F75146EAF53h
                                                                                                                                                                                                                                                                                                                                                    jmp 00007F75146EA85Fh
                                                                                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                                                                                                    push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                    call 00007F75146EAA3Dh
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [esi], 0049FDF0h
                                                                                                                                                                                                                                                                                                                                                    mov eax, esi
                                                                                                                                                                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                                                                                                                                                                    retn 0004h
                                                                                                                                                                                                                                                                                                                                                    and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                    mov eax, ecx
                                                                                                                                                                                                                                                                                                                                                    and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx+04h], 0049FDF8h
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx], 0049FDF0h
                                                                                                                                                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                                                                                                    push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                    call 00007F75146EAA0Ah
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [esi], 0049FE0Ch
                                                                                                                                                                                                                                                                                                                                                    mov eax, esi
                                                                                                                                                                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                                                                                                                                                                    retn 0004h
                                                                                                                                                                                                                                                                                                                                                    and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                    mov eax, ecx
                                                                                                                                                                                                                                                                                                                                                    and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx+04h], 0049FE14h
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx], 0049FE0Ch
                                                                                                                                                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                    lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                    and dword ptr [eax], 00000000h
                                                                                                                                                                                                                                                                                                                                                    and dword ptr [eax+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                                                                                                                    mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                    add eax, 04h
                                                                                                                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                                                                                                                    call 00007F75146ED5FDh
                                                                                                                                                                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                                                                                                                                                                    mov eax, esi
                                                                                                                                                                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                                                                                                                                                                    retn 0004h
                                                                                                                                                                                                                                                                                                                                                    lea eax, dword ptr [ecx+04h]
                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                                                                                                                    call 00007F75146ED648h
                                                                                                                                                                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                                                                                                    mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F75146ED631h
test byte ptr [ebp+08h], 00000001h
pop ecx

Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x14cec | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe9000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | -
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x14cec | 0x14e00 | 36ed5e4485ec1b1c34809902d5a515b2 | False | 0.6815353667664671 | data | 7.093391289728069 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xe9000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd4718 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd4840 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4968 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c50 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5c20 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd64c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd6a30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8fd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda080 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4e8 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xda538 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xda634 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdabc8 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb254 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb6e4 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbce0 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc33c | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc7a4 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc8fc | 0xbe70 | data | - | - | 1.0004307515589104
RT_GROUP_ICON | 0xe876c | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xe87e4 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xe87f8 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xe880c | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xe8820 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xe88fc | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
                                                                                                                                                                                                                                                                                                                                                    DLLImport
                                                                                                                                                                                                                                                                                                                                                    WSOCK32.dllgethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
                                                                                                                                                                                                                                                                                                                                                    VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                                                                                                                                                                                                                                                                                                                                                    WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                                                                                                                                                                                                                                                                                                    COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                                                                                                                                                                                                                                                                                                                                                    MPR.dllWNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
                                                                                                                                                                                                                                                                                                                                                    WININET.dllHttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
                                                                                                                                                                                                                                                                                                                                                    PSAPI.DLLGetProcessMemoryInfo
                                                                                                                                                                                                                                                                                                                                                    IPHLPAPI.DLLIcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
                                                                                                                                                                                                                                                                                                                                                    USERENV.dllDestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
                                                                                                                                                                                                                                                                                                                                                    UxTheme.dllIsThemeActive
                                                                                                                                                                                                                                                                                                                                                    KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, 
SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll: GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll: EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll: GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll: DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll: CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system: English
Country where language is spoken: Great Britain
Network packet log (columns: Timestamp, Source Port, Dest Port, Source IP, Dest IP)
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.666558027 CET4434971534.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.666692972 CET49715443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.671045065 CET49715443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.671066999 CET4434971534.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.671169996 CET49715443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.671452045 CET4434971534.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.671565056 CET49719443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.671602011 CET4434971934.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.671631098 CET49715443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.671710968 CET49719443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.673078060 CET49719443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.673093081 CET4434971934.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.824253082 CET4434971634.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.832690954 CET4434971735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.832694054 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.839365959 CET4434971735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.848289967 CET49717443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.862610102 CET49717443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.862637997 CET4434971735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.863707066 CET4434971735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.865418911 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.865451097 CET4434971634.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.865514040 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.865724087 CET4434971634.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.867862940 CET49717443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.867908001 CET49717443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.868411064 CET4434971735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.879540920 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.879540920 CET49717443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.952754021 CET4434971834.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.955437899 CET49718443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.992485046 CET49718443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.992511034 CET4434971834.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.993550062 CET4434971834.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.006834030 CET49718443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.006967068 CET49718443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.007366896 CET4434971834.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.017230034 CET49718443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.493935108 CET4971380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.508136034 CET49721443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.508168936 CET4434972134.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.509078026 CET49721443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.510540962 CET49721443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.510557890 CET4434972134.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.608237028 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.614753008 CET804971334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.614913940 CET4971380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.674911022 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.728131056 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.745708942 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.746074915 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.795005083 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.805367947 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.865986109 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.891218901 CET4434971934.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.892036915 CET49719443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.899378061 CET49719443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.899418116 CET4434971934.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.899470091 CET49719443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.899581909 CET4434971934.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.899693012 CET49719443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.948261976 CET4972580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.068178892 CET804972534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.068523884 CET4972580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.070096016 CET4972580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.183527946 CET49726443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.183559895 CET4434972634.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.186999083 CET49726443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.188431978 CET49726443192.168.2.534.120.208.123
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Dec 16, 2024 13:52:39.188451052 CET  443          49726      34.120.208.123   192.168.2.5
Dec 16, 2024 13:52:39.189908981 CET  80           49725      34.107.221.82    192.168.2.5
Dec 16, 2024 13:52:39.623064995 CET  49727        443        192.168.2.5      34.149.100.209
Dec 16, 2024 13:52:39.623140097 CET  443          49727      34.149.100.209   192.168.2.5
Dec 16, 2024 13:52:39.623353958 CET  49727        443        192.168.2.5      34.149.100.209
Dec 16, 2024 13:52:39.624871969 CET  49727        443        192.168.2.5      34.149.100.209
Dec 16, 2024 13:52:39.624906063 CET  443          49727      34.149.100.209   192.168.2.5
Dec 16, 2024 13:52:39.683892012 CET  49724        80         192.168.2.5      34.107.221.82
Dec 16, 2024 13:52:39.689672947 CET  49728        443        192.168.2.5      34.107.243.93
Dec 16, 2024 13:52:39.689714909 CET  443          49728      34.107.243.93    192.168.2.5
Dec 16, 2024 13:52:39.693770885 CET  49728        443        192.168.2.5      34.107.243.93
Dec 16, 2024 13:52:39.695346117 CET  49728        443        192.168.2.5      34.107.243.93
Dec 16, 2024 13:52:39.695379972 CET  443          49728      34.107.243.93    192.168.2.5
Dec 16, 2024 13:52:39.716031075 CET  49729        443        192.168.2.5      35.244.181.201
Dec 16, 2024 13:52:39.716063976 CET  443          49729      35.244.181.201   192.168.2.5
Dec 16, 2024 13:52:39.717087030 CET  49729        443        192.168.2.5      35.244.181.201
Dec 16, 2024 13:52:39.717328072 CET  49729        443        192.168.2.5      35.244.181.201
Dec 16, 2024 13:52:39.717348099 CET  443          49729      35.244.181.201   192.168.2.5
Dec 16, 2024 13:52:39.732482910 CET  443          49721      34.117.188.166   192.168.2.5
Dec 16, 2024 13:52:39.735524893 CET  49721        443        192.168.2.5      34.117.188.166
Dec 16, 2024 13:52:39.738244057 CET  49721        443        192.168.2.5      34.117.188.166
Dec 16, 2024 13:52:39.738255978 CET  443          49721      34.117.188.166   192.168.2.5
Dec 16, 2024 13:52:39.738389969 CET  49721        443        192.168.2.5      34.117.188.166
Dec 16, 2024 13:52:39.738528013 CET  443          49721      34.117.188.166   192.168.2.5
Dec 16, 2024 13:52:39.738843918 CET  49730        443        192.168.2.5      34.117.188.166
Dec 16, 2024 13:52:39.738863945 CET  443          49730      34.117.188.166   192.168.2.5
Dec 16, 2024 13:52:39.738995075 CET  49721        443        192.168.2.5      34.117.188.166
Dec 16, 2024 13:52:39.739025116 CET  49730        443        192.168.2.5      34.117.188.166
Dec 16, 2024 13:52:39.740536928 CET  49730        443        192.168.2.5      34.117.188.166
Dec 16, 2024 13:52:39.740560055 CET  443          49730      34.117.188.166   192.168.2.5
Dec 16, 2024 13:52:39.803936005 CET  80           49724      34.107.221.82    192.168.2.5
Dec 16, 2024 13:52:39.804016113 CET  49724        80         192.168.2.5      34.107.221.82
Dec 16, 2024 13:52:39.835170984 CET  80           49722      34.107.221.82    192.168.2.5
Dec 16, 2024 13:52:39.887672901 CET  49722        80         192.168.2.5      34.107.221.82
Dec 16, 2024 13:52:40.153140068 CET  80           49725      34.107.221.82    192.168.2.5
Dec 16, 2024 13:52:40.156837940 CET  49722        80         192.168.2.5      34.107.221.82
Dec 16, 2024 13:52:40.204231977 CET  49725        80         192.168.2.5      34.107.221.82
Dec 16, 2024 13:52:40.276698112 CET  80           49722      34.107.221.82    192.168.2.5
Dec 16, 2024 13:52:40.466933012 CET  443          49726      34.120.208.123   192.168.2.5
Dec 16, 2024 13:52:40.469068050 CET  49726        443        192.168.2.5      34.120.208.123
Dec 16, 2024 13:52:40.473345995 CET  80           49722      34.107.221.82    192.168.2.5
Dec 16, 2024 13:52:40.517694950 CET  49722        80         192.168.2.5      34.107.221.82
Dec 16, 2024 13:52:40.730998039 CET  49726        443        192.168.2.5      34.120.208.123
Dec 16, 2024 13:52:40.731085062 CET  443          49726      34.120.208.123   192.168.2.5
Dec 16, 2024 13:52:40.731123924 CET  49726        443        192.168.2.5      34.120.208.123
Dec 16, 2024 13:52:40.731329918 CET  443          49726      34.120.208.123   192.168.2.5
Dec 16, 2024 13:52:40.731441975 CET  49726        443        192.168.2.5      34.120.208.123
Dec 16, 2024 13:52:40.845199108 CET  443          49727      34.149.100.209   192.168.2.5
Dec 16, 2024 13:52:40.845285892 CET  49727        443        192.168.2.5      34.149.100.209
Dec 16, 2024 13:52:40.868537903 CET  49727        443        192.168.2.5      34.149.100.209
Dec 16, 2024 13:52:40.868587017 CET  443          49727      34.149.100.209   192.168.2.5
Dec 16, 2024 13:52:40.868664980 CET  49727        443        192.168.2.5      34.149.100.209
Dec 16, 2024 13:52:40.869054079 CET  443          49727      34.149.100.209   192.168.2.5
Dec 16, 2024 13:52:40.869127989 CET  49727        443        192.168.2.5      34.149.100.209
Dec 16, 2024 13:52:40.915708065 CET  443          49728      34.107.243.93    192.168.2.5
Dec 16, 2024 13:52:40.915852070 CET  49728        443        192.168.2.5      34.107.243.93
Dec 16, 2024 13:52:40.920311928 CET  49728        443        192.168.2.5      34.107.243.93
Dec 16, 2024 13:52:40.920332909 CET  443          49728      34.107.243.93    192.168.2.5
Dec 16, 2024 13:52:40.920403004 CET  49728        443        192.168.2.5      34.107.243.93
Dec 16, 2024 13:52:40.920567989 CET  443          49728      34.107.243.93    192.168.2.5
Dec 16, 2024 13:52:40.920860052 CET  49728        443        192.168.2.5      34.107.243.93
Dec 16, 2024 13:52:40.932219028 CET  443          49729      35.244.181.201   192.168.2.5
Dec 16, 2024 13:52:40.932352066 CET  49729        443        192.168.2.5      35.244.181.201
Dec 16, 2024 13:52:40.934982061 CET  49729        443        192.168.2.5      35.244.181.201
Dec 16, 2024 13:52:40.935014963 CET  443          49729      35.244.181.201   192.168.2.5
Dec 16, 2024 13:52:40.935303926 CET  443          49729      35.244.181.201   192.168.2.5
Dec 16, 2024 13:52:40.937818050 CET  49729        443        192.168.2.5      35.244.181.201
Dec 16, 2024 13:52:40.937901974 CET  49729        443        192.168.2.5      35.244.181.201
Dec 16, 2024 13:52:40.937988997 CET  443          49729      35.244.181.201   192.168.2.5
Dec 16, 2024 13:52:40.938057899 CET  49729        443        192.168.2.5      35.244.181.201
Dec 16, 2024 13:52:40.967967033 CET  443          49730      34.117.188.166   192.168.2.5
Dec 16, 2024 13:52:40.968060017 CET  49730        443        192.168.2.5      34.117.188.166
Dec 16, 2024 13:52:40.972568989 CET  49730        443        192.168.2.5      34.117.188.166
Dec 16, 2024 13:52:40.972585917 CET  443          49730      34.117.188.166   192.168.2.5
Dec 16, 2024 13:52:40.972702026 CET  49730        443        192.168.2.5      34.117.188.166
Dec 16, 2024 13:52:40.972764969 CET  443          49730      34.117.188.166   192.168.2.5
Dec 16, 2024 13:52:40.972846985 CET  49730        443        192.168.2.5      34.117.188.166
Dec 16, 2024 13:52:42.339473963 CET  49725        80         192.168.2.5      34.107.221.82
Dec 16, 2024 13:52:42.442043066 CET  49733        443        192.168.2.5      34.120.208.123
Dec 16, 2024 13:52:42.442110062 CET  443          49733      34.120.208.123   192.168.2.5
Dec 16, 2024 13:52:42.448333979 CET  49734        443        192.168.2.5      34.120.208.123
Dec 16, 2024 13:52:42.448404074 CET  443          49734      34.120.208.123   192.168.2.5
Dec 16, 2024 13:52:42.448878050 CET  49733        443        192.168.2.5      34.120.208.123
Dec 16, 2024 13:52:42.448882103 CET  49734        443        192.168.2.5      34.120.208.123
Dec 16, 2024 13:52:42.452883959 CET  49733        443        192.168.2.5      34.120.208.123
Dec 16, 2024 13:52:42.452925920 CET  443          49733      34.120.208.123   192.168.2.5
Dec 16, 2024 13:52:42.453015089 CET  49734        443        192.168.2.5      34.120.208.123
Dec 16, 2024 13:52:42.453052998 CET  443          49734      34.120.208.123   192.168.2.5
Dec 16, 2024 13:52:42.460259914 CET  80           49725      34.107.221.82    192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.462064028 CET49735443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.462105989 CET4434973534.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.462239981 CET49735443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.463541985 CET49735443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.463558912 CET4434973534.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.543539047 CET49736443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.543584108 CET4434973634.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.543661118 CET49736443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.545003891 CET49736443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.545017004 CET4434973634.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.654526949 CET804972534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.699352026 CET4972580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.217912912 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.337874889 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.532407045 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.588089943 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.668649912 CET4434973334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.668665886 CET4434973334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.668735027 CET49733443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.668984890 CET4434973434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.669226885 CET49734443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.671806097 CET49733443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.671829939 CET4434973334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.672148943 CET4434973334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.674312115 CET49734443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.674340963 CET4434973434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.674666882 CET4434973434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.677767038 CET49733443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.677867889 CET49733443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.677939892 CET49734443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.677979946 CET4434973334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.678009987 CET49734443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.678107977 CET4434973434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.678134918 CET49733443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.678246021 CET49734443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.679675102 CET4434973534.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.679755926 CET49735443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.684220076 CET49735443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.684233904 CET4434973534.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.684304953 CET49735443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.684437990 CET4434973534.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.684492111 CET49735443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.814203978 CET4434973634.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.814474106 CET49736443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.819577932 CET49736443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.819596052 CET4434973634.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.819698095 CET49736443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.819802046 CET4434973634.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.819940090 CET49736443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:45.778407097 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:45.898751974 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:45.898891926 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.078195095 CET49750443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.078234911 CET4434975034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.081473112 CET49750443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.081639051 CET49750443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.081650972 CET4434975034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.397241116 CET4972580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.399179935 CET49757443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.399209023 CET4434975734.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.401025057 CET49757443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.402601957 CET49757443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.402615070 CET4434975734.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.516993999 CET804972534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.553369045 CET49758443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.553426981 CET4434975834.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.553644896 CET49758443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.555336952 CET49758443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.555371046 CET4434975834.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:03.517396927 CET4434979835.190.72.216192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:03.541328907 CET49799443192.168.2.5151.101.129.91
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:03.541383982 CET44349799151.101.129.91192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:03.542758942 CET49799443192.168.2.5151.101.129.91
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:03.542918921 CET49799443192.168.2.5151.101.129.91
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:03.542952061 CET44349799151.101.129.91192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:03.648736000 CET49800443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:03.648793936 CET4434980035.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:03.649066925 CET49800443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:03.650335073 CET49800443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:03.650361061 CET4434980035.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.531721115 CET4434979134.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.531817913 CET49791443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.534780025 CET49791443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.534791946 CET4434979134.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.535110950 CET4434979134.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.536729097 CET49791443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.536730051 CET49791443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.536916971 CET4434979134.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.537022114 CET49791443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.540085077 CET4972580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.659811020 CET804972534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.667841911 CET4434979635.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.667927027 CET49796443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.670917988 CET49796443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.670943022 CET4434979635.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.671178102 CET4434979635.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.673369884 CET49796443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.673455954 CET49796443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.673502922 CET4434979635.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.673963070 CET49796443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.729540110 CET4434979835.190.72.216192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.729574919 CET4434979835.190.72.216192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.729726076 CET49798443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.734324932 CET49798443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.734335899 CET4434979835.190.72.216192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.734441996 CET49798443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.734497070 CET4434979835.190.72.216192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.735280991 CET49798443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.775934935 CET44349799151.101.129.91192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.776935101 CET49799443192.168.2.5151.101.129.91
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.779772997 CET49799443192.168.2.5151.101.129.91
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.779793978 CET44349799151.101.129.91192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.780308008 CET44349799151.101.129.91192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.782572985 CET49799443192.168.2.5151.101.129.91
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.782669067 CET49799443192.168.2.5151.101.129.91
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.782776117 CET44349799151.101.129.91192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.787962914 CET49799443192.168.2.5151.101.129.91
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.795758963 CET49801443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.795815945 CET4434980135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.796103001 CET49802443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.796155930 CET4434980235.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.796437025 CET49803443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.796458006 CET4434980335.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.797050953 CET49801443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.797218084 CET49803443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.797218084 CET49801443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.797260046 CET49802443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.797270060 CET4434980135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.797338009 CET49802443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.797390938 CET4434980235.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.797405958 CET49803443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.797440052 CET4434980335.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.854094982 CET804972534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.857121944 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.872843027 CET4434980035.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.873533964 CET49800443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.878228903 CET49800443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:04.878247023 CET4434980035.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:33.294630051 CET49873443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:33.294677973 CET4434987334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:33.295375109 CET49873443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:33.295528889 CET49873443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:33.295541048 CET4434987334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:33.316437960 CET49874443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:33.316488981 CET4434987434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:33.317349911 CET49874443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:33.317603111 CET49874443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:33.317622900 CET4434987434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.086891890 CET4972580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.206886053 CET804972534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.303628922 CET4972580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.409939051 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.425283909 CET804972534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.510452032 CET4434987334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.511198044 CET49873443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.515156984 CET49873443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.515166044 CET4434987334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.515476942 CET4434987334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.518891096 CET49873443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.519057035 CET4434987334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.522311926 CET49873443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.522320986 CET4434987334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.522648096 CET49873443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.522665977 CET49873443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.522947073 CET49873443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.529681921 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.539390087 CET4434987434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.539467096 CET49874443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.542555094 CET49874443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.542565107 CET4434987434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.543066025 CET4434987434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.544796944 CET49874443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.544984102 CET4434987434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.545841932 CET49874443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.545854092 CET4434987434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.546262980 CET49874443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.546283007 CET49874443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.546283007 CET49874443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.620541096 CET804972534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.624926090 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.673131943 CET4972580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.744735003 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.939537048 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:34.989548922 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:44.640028000 CET4972580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:44.759977102 CET804972534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:44.940989017 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:45.060786963 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:54.768973112 CET4972580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:54.888874054 CET804972534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:55.069844007 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:55.190061092 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:04.203098059 CET49946443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:04.203139067 CET4434994634.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:04.203470945 CET49946443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:04.204987049 CET49946443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:04.204998016 CET4434994634.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:04.896003962 CET4972580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:05.015923977 CET804972534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:05.196959972 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:05.316818953 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:05.417701960 CET4434994634.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:05.417850971 CET49946443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:05.425851107 CET49946443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:05.425867081 CET4434994634.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:05.425976992 CET49946443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:05.426055908 CET4434994634.107.243.93192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:36.592719078 CET6214753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:36.612399101 CET6183753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:36.709498882 CET53568081.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:36.724351883 CET53589341.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:36.725534916 CET6138653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:36.730132103 CET53621471.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:36.730804920 CET6064553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:36.750833035 CET53618371.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:36.751486063 CET5012553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:36.863472939 CET53613861.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:36.864351034 CET6193253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:36.869443893 CET53606451.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:36.888999939 CET53501251.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.001936913 CET53619321.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.163395882 CET5503753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.163850069 CET5428053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.300899982 CET53550371.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:37.301872969 CET53542801.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.469774008 CET4968353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.505994081 CET5200553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:38.944072008 CET53518081.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.135823965 CET5508953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.183734894 CET6103553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.371092081 CET53550891.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.371226072 CET53610351.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.389595985 CET6261553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.389880896 CET5056253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.456912041 CET5828353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.527461052 CET53626151.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.527820110 CET53505621.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.543143034 CET6007953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.594468117 CET53582831.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.625492096 CET5354653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.681082010 CET53600791.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.763688087 CET53535461.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.770144939 CET5367753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.908478022 CET53536771.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.328536987 CET5985453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.340470076 CET5441653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.465981007 CET53598541.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.467654943 CET6347953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.605886936 CET53634791.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.606712103 CET5311653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.745551109 CET53531161.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.563688993 CET5684353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.564011097 CET6405653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.564280987 CET6334653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.701226950 CET53568431.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.701528072 CET53633461.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.703305006 CET53640561.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.075268030 CET5460053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.075632095 CET5743253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.075632095 CET6164953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.216228008 CET53574321.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.216785908 CET53546001.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.216928959 CET53616491.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.217078924 CET6076653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.217822075 CET5859953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.218715906 CET5787253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.355026007 CET53585991.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.357142925 CET53607661.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.357517004 CET5357253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.358200073 CET5385253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.358340979 CET53578721.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.359383106 CET5098753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.413350105 CET5260353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.495228052 CET53538521.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.496572971 CET53509871.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.496958971 CET5227053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.550926924 CET53526031.1.1.1192.168.2.5
Timestamp  Source IP  Dest IP  Trans ID  OP Code  Name  Type  Class  DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.075632095 CET192.168.2.51.1.1.10x1263Standard query (0)youtube-ui.l.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.075632095 CET192.168.2.51.1.1.10xc211Standard query (0)star-mini.c10r.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.217078924 CET192.168.2.51.1.1.10x3f6fStandard query (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.217822075 CET192.168.2.51.1.1.10xc10eStandard query (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.218715906 CET192.168.2.51.1.1.10xf10eStandard query (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.357517004 CET192.168.2.51.1.1.10xc866Standard query (0)www.reddit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.358200073 CET192.168.2.51.1.1.10x62a7Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.359383106 CET192.168.2.51.1.1.10x9749Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.413350105 CET192.168.2.51.1.1.10x125aStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.496958971 CET192.168.2.51.1.1.10xf62aStandard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.553940058 CET192.168.2.51.1.1.10xd074Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.563689947 CET192.168.2.51.1.1.10xd855Standard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.636116982 CET192.168.2.51.1.1.10x7b72Standard query (0)twitter.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.721343994 CET192.168.2.51.1.1.10x8457Standard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:01.163918972 CET192.168.2.51.1.1.10x62a4Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:03.317415953 CET192.168.2.51.1.1.10x7551Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:03.454288006 CET192.168.2.51.1.1.10xb1f8Standard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:03.510073900 CET192.168.2.51.1.1.10x5619Standard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:03.541563988 CET192.168.2.51.1.1.10xa96cStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:03.680018902 CET192.168.2.51.1.1.10xbd3bStandard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:03.702882051 CET192.168.2.51.1.1.10xdc8cStandard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:03.703310013 CET192.168.2.51.1.1.10x3a5Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:03.842853069 CET192.168.2.51.1.1.10xc3b4Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:22.529974937 CET192.168.2.51.1.1.10x1b30Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:33.293823957 CET192.168.2.51.1.1.10xb2e2Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:04.050482988 CET192.168.2.51.1.1.10x6ba9Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:04.203351974 CET192.168.2.51.1.1.10x9e86Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:05.429342985 CET192.168.2.51.1.1.10x24faStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:55:25.461215973 CET192.168.2.51.1.1.10x14cdStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:55:25.600362062 CET192.168.2.51.1.1.10xf7aaStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:55:25.740592003 CET192.168.2.51.1.1.10x7eeaStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:55:26.964248896 CET192.168.2.51.1.1.10x6293Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
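Nearly every name in the query table is Firefox start-up, update, telemetry or new-tab top-site traffic generated by the browser the sample launches, not traffic the sample resolves itself, and all of it went in clear text to the sandbox resolver 1.1.1.1 (the "DNS over HTTPS" column is false throughout), which is the only reason it is visible here. The Python below is an added triage helper, not part of the Joe Sandbox report and not code of the sample: it reads query rows written one per line with the report's column order (timestamp, source IP, dest IP, transaction ID, op code, name, type, class, DoH flag) separated by " | ", collapses repeated lookups per name, and splits them into Firefox-infrastructure noise, Firefox default top sites, and names that still need a look. The suffix lists in BASELINE are an assumption for triage and should be tuned per environment; the embedded sample rows are copied from this report.

```python
"""Triage Joe Sandbox DNS query rows (added example, not from the report)."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional

# Joe Sandbox prints some RR types as bare numbers; 28 = AAAA and 65 = HTTPS
# are the IANA assignments (assumption about the report's rendering).
TYPE_NUMBERS = {"28": "AAAA", "65": "HTTPS"}

# Assumed triage baseline, not stated by the report: tune per environment.
# Suffixes are matched on label boundaries only (see classify()).
BASELINE = {
    "firefox-infra": ("mozilla.com", "mozilla.org", "mozilla.net",
                      "mozgcp.net", "mozaws.net", "firefox.com", "getpocket.com"),
    "firefox-topsites": ("youtube.com", "facebook.com", "wikipedia.org",
                         "wikimedia.org", "reddit.com", "twitter.com"),
}

# Constructed input: a subset of this report's query rows, pipe-separated.
SAMPLE_ROWS = """\
Dec 16, 2024 13:52:39.625492096 CET | 192.168.2.5 | 1.1.1.1 | 0x17b2 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:39.770144939 CET | 192.168.2.5 | 1.1.1.1 | 0x28ae | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 16, 2024 13:52:47.563688993 CET | 192.168.2.5 | 1.1.1.1 | 0x60eb | Standard query (0) | www.youtube.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:48.075632095 CET | 192.168.2.5 | 1.1.1.1 | 0x1263 | Standard query (0) | youtube-ui.l.google.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:48.075632095 CET | 192.168.2.5 | 1.1.1.1 | 0xc211 | Standard query (0) | star-mini.c10r.facebook.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:48.413350105 CET | 192.168.2.5 | 1.1.1.1 | 0x125a | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:48.553940058 CET | 192.168.2.5 | 1.1.1.1 | 0xd074 | Standard query (0) | push.services.mozilla.com | 28 | IN (0x0001) | false
Dec 16, 2024 13:52:48.563689947 CET | 192.168.2.5 | 1.1.1.1 | 0xd855 | Standard query (0) | reddit.map.fastly.net | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:53:01.163918972 CET | 192.168.2.5 | 1.1.1.1 | 0x62a4 | Standard query (0) | push.services.mozilla.com | 28 | IN (0x0001) | false
"""

_FRAC = re.compile(r"(\.\d{6})\d*")


def parse_timestamp(ts: str) -> datetime:
    """'Dec 16, 2024 13:52:39.625492096 CET' -> datetime at microsecond precision."""
    ts = ts.rsplit(" ", 1)[0]      # drop the timezone label
    ts = _FRAC.sub(r"\1", ts)      # strptime's %f accepts at most six digits
    return datetime.strptime(ts, "%b %d, %Y %H:%M:%S.%f")


def normalise_type(rtype: str) -> str:
    """'A (IP address)' -> 'A'; bare '28' -> 'AAAA'."""
    token = rtype.split(" ", 1)[0]
    return TYPE_NUMBERS.get(token, token)


def parse_row(row: str) -> Optional[dict]:
    """Split one pipe-separated query row; None for anything not 9 fields."""
    fields = [f.strip() for f in row.split("|")]
    if len(fields) != 9:
        return None
    ts, src, dst, txid, opcode, name, rtype, rclass, doh = fields
    return {"ts": parse_timestamp(ts), "src": src, "resolver": dst, "txid": txid,
            "opcode": opcode, "name": name.lower().rstrip("."),
            "type": normalise_type(rtype), "class": rclass, "doh": doh == "true"}


def classify(name: str) -> str:
    """Bucket by suffix on a label boundary, so 'mozilla.com.evil.example' is not baseline."""
    for bucket, suffixes in BASELINE.items():
        if any(name == s or name.endswith("." + s) for s in suffixes):
            return bucket
    return "review"


def triage(rows: str) -> Dict[str, List[dict]]:
    """Collapse lookups per name and bucket them; each bucket sorted by first sighting."""
    per_name: Dict[str, dict] = {}
    for line in rows.splitlines():
        rec = parse_row(line)
        if rec is None:
            continue
        e = per_name.setdefault(rec["name"], {"name": rec["name"], "first_seen": rec["ts"],
                                              "queries": 0, "types": set(),
                                              "resolvers": set(), "doh": False})
        e["queries"] += 1
        e["first_seen"] = min(e["first_seen"], rec["ts"])
        e["types"].add(rec["type"])
        e["resolvers"].add(rec["resolver"])
        e["doh"] = e["doh"] or rec["doh"]
    buckets: Dict[str, List[dict]] = defaultdict(list)
    for e in per_name.values():
        e["types"], e["resolvers"] = sorted(e["types"]), sorted(e["resolvers"])
        buckets[classify(e["name"])].append(e)
    for bucket in buckets.values():
        bucket.sort(key=lambda e: e["first_seen"])
    return dict(buckets)


def report(rows: str) -> str:
    """Plain-text summary: one section per bucket, one line per unique name."""
    out = []
    for bucket, entries in sorted(triage(rows).items()):
        out.append(f"[{bucket}]")
        for e in entries:
            out.append(f"  {e['first_seen']:%H:%M:%S}  {e['name']}  "
                       f"{'/'.join(e['types'])}  x{e['queries']}  via {','.join(e['resolvers'])}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_ROWS))
```

Two design points matter for this kind of data. Suffix matching is anchored on a label boundary, so an attacker-controlled name that merely contains a baseline domain is not whitelisted. CDN and hosting names that are CNAME targets of top sites (reddit.map.fastly.net, youtube-ui.l.google.com) deliberately land in the review bucket, because whitelisting fastly.net or google.com wholesale would also hide a C2 parked on the same CDN; dismiss them by checking the answers table, where the CNAME chain from the top-site name to that target is visible.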
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 16, 2024 13:52:34.519503117 CET | 1.1.1.1 | 192.168.2.5 | 0xe4c2 | No error (0) | prod.classify-client.prod.webservices.mozgcp.net | - | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:34.669796944 CET | 1.1.1.1 | 192.168.2.5 | 0x2548 | No error (0) | prod.classify-client.prod.webservices.mozgcp.net | - | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:35.874535084 CET | 1.1.1.1 | 192.168.2.5 | 0xebdb | No error (0) | youtube.com | - | 142.250.181.78 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:35.874836922 CET | 1.1.1.1 | 192.168.2.5 | 0x5217 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:52:35.874836922 CET | 1.1.1.1 | 192.168.2.5 | 0x5217 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | - | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:36.017011881 CET | 1.1.1.1 | 192.168.2.5 | 0x2104 | No error (0) | youtube.com | - | 142.250.181.78 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:36.017404079 CET | 1.1.1.1 | 192.168.2.5 | 0x2384 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | - | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:36.155635118 CET | 1.1.1.1 | 192.168.2.5 | 0x8875 | No error (0) | youtube.com | - | - | 28 | IN (0x0001) | false
Dec 16, 2024 13:52:36.155666113 CET | 1.1.1.1 | 192.168.2.5 | 0x4694 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | - | - | 28 | IN (0x0001) | false
Dec 16, 2024 13:52:36.174035072 CET | 1.1.1.1 | 192.168.2.5 | 0xffaa | No error (0) | contile.services.mozilla.com | - | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:36.570426941 CET | 1.1.1.1 | 192.168.2.5 | 0xe53e | No error (0) | contile.services.mozilla.com | - | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:36.579457998 CET | 1.1.1.1 | 192.168.2.5 | 0x5d41 | No error (0) | spocs.getpocket.com | prod.ads.prod.webservices.mozgcp.net | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:52:36.579457998 CET | 1.1.1.1 | 192.168.2.5 | 0x5d41 | No error (0) | prod.ads.prod.webservices.mozgcp.net | - | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:36.610872984 CET | 1.1.1.1 | 192.168.2.5 | 0xdea5 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:52:36.610872984 CET | 1.1.1.1 | 192.168.2.5 | 0xdea5 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | - | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:36.724351883 CET | 1.1.1.1 | 192.168.2.5 | 0xb0ff | No error (0) | content-signature-2.cdn.mozilla.net | content-signature-chains.prod.autograph.services.mozaws.net | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:52:36.724351883 CET | 1.1.1.1 | 192.168.2.5 | 0xb0ff | No error (0) | content-signature-chains.prod.autograph.services.mozaws.net | prod.content-signature-chains.prod.webservices.mozgcp.net | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:52:36.724351883 CET | 1.1.1.1 | 192.168.2.5 | 0xb0ff | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | - | 34.160.144.191 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:36.730132103 CET | 1.1.1.1 | 192.168.2.5 | 0x425e | No error (0) | prod.ads.prod.webservices.mozgcp.net | - | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:36.750833035 CET | 1.1.1.1 | 192.168.2.5 | 0x42d6 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | - | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:36.863472939 CET | 1.1.1.1 | 192.168.2.5 | 0x5a83 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | - | 34.160.144.191 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:37.001936913 CET | 1.1.1.1 | 192.168.2.5 | 0x90d7 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | - | - | 28 | IN (0x0001) | false
Dec 16, 2024 13:52:37.300899982 CET | 1.1.1.1 | 192.168.2.5 | 0x97e3 | No error (0) | example.org | - | 93.184.215.14 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:37.301872969 CET | 1.1.1.1 | 192.168.2.5 | 0x24c7 | No error (0) | ipv4only.arpa | - | 192.0.0.170 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:37.301872969 CET | 1.1.1.1 | 192.168.2.5 | 0x24c7 | No error (0) | ipv4only.arpa | - | 192.0.0.171 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:38.607146025 CET | 1.1.1.1 | 192.168.2.5 | 0x1c63 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:52:38.607146025 CET | 1.1.1.1 | 192.168.2.5 | 0x1c63 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | - | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:38.644380093 CET | 1.1.1.1 | 192.168.2.5 | 0xd9b1 | No error (0) | shavar.services.mozilla.com | shavar.prod.mozaws.net | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:52:39.182075977 CET | 1.1.1.1 | 192.168.2.5 | 0xf791 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | - | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:39.371092081 CET | 1.1.1.1 | 192.168.2.5 | 0xa525 | No error (0) | push.services.mozilla.com | - | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:39.371226072 CET | 1.1.1.1 | 192.168.2.5 | 0xb1c8 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | - | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:39.527820110 CET | 1.1.1.1 | 192.168.2.5 | 0x72c6 | No error (0) | push.services.mozilla.com | - | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:52:39.594468117 CET | 1.1.1.1 | 192.168.2.5 | 0x211 | No error (0) | firefox.settings.services.mozilla.com | prod.remote-settings.prod.webservices.mozgcp.net | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:52:39.594468117 CET | 1.1.1.1 | 192.168.2.5 | 0x211 | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net | - | 34.149.100.209 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.693965912 CET1.1.1.1192.168.2.50x59ffNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.693965912 CET1.1.1.1192.168.2.50x59ffNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:39.763688087 CET1.1.1.1192.168.2.50x17b2No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.465981007 CET1.1.1.1192.168.2.50x31e6No error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.465981007 CET1.1.1.1192.168.2.50x31e6No error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.465981007 CET1.1.1.1192.168.2.50x31e6No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.482337952 CET1.1.1.1192.168.2.50x1b4eNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.482337952 CET1.1.1.1192.168.2.50x1b4eNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.532923937 CET1.1.1.1192.168.2.50x45baNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.605886936 CET1.1.1.1192.168.2.50xb917No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.701226950 CET1.1.1.1192.168.2.50x60ebNo error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.701226950 CET1.1.1.1192.168.2.50x60ebNo error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.701226950 CET1.1.1.1192.168.2.50x60ebNo error (0)youtube-ui.l.google.com172.217.19.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.701226950 CET1.1.1.1192.168.2.50x60ebNo error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.701226950 CET1.1.1.1192.168.2.50x60ebNo error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.701226950 CET1.1.1.1192.168.2.50x60ebNo error (0)youtube-ui.l.google.com172.217.21.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.701226950 CET1.1.1.1192.168.2.50x60ebNo error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.701226950 CET1.1.1.1192.168.2.50x60ebNo error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.701226950 CET1.1.1.1192.168.2.50x60ebNo error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.701226950 CET1.1.1.1192.168.2.50x60ebNo error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.701226950 CET1.1.1.1192.168.2.50x60ebNo error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.701226950 CET1.1.1.1192.168.2.50x60ebNo error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.701528072 CET1.1.1.1192.168.2.50x4c42No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.701528072 CET1.1.1.1192.168.2.50x4c42No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.703305006 CET1.1.1.1192.168.2.50xf843No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:47.703305006 CET1.1.1.1192.168.2.50xf843No error (0)star-mini.c10r.facebook.com157.240.195.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.216228008 CET1.1.1.1192.168.2.50x1263No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.216228008 CET1.1.1.1192.168.2.50x1263No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.216228008 CET1.1.1.1192.168.2.50x1263No error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.216228008 CET1.1.1.1192.168.2.50x1263No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.216228008 CET1.1.1.1192.168.2.50x1263No error (0)youtube-ui.l.google.com172.217.19.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.216228008 CET1.1.1.1192.168.2.50x1263No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.216228008 CET1.1.1.1192.168.2.50x1263No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.216228008 CET1.1.1.1192.168.2.50x1263No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.216228008 CET1.1.1.1192.168.2.50x1263No error (0)youtube-ui.l.google.com172.217.21.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.216228008 CET1.1.1.1192.168.2.50x1263No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.216228008 CET1.1.1.1192.168.2.50x1263No error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.216228008 CET1.1.1.1192.168.2.50x1263No error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.216785908 CET1.1.1.1192.168.2.50x3e8bNo error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.216928959 CET1.1.1.1192.168.2.50xc211No error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.355026007 CET1.1.1.1192.168.2.50xc10eNo error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.357142925 CET1.1.1.1192.168.2.50x3f6fNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.357142925 CET1.1.1.1192.168.2.50x3f6fNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.357142925 CET1.1.1.1192.168.2.50x3f6fNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.357142925 CET1.1.1.1192.168.2.50x3f6fNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.358340979 CET1.1.1.1192.168.2.50xf10eNo error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.495228052 CET1.1.1.1192.168.2.50x62a7No error (0)twitter.com104.244.42.193A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.550926924 CET1.1.1.1192.168.2.50x125aNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.562288046 CET1.1.1.1192.168.2.50xc866No error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.562288046 CET1.1.1.1192.168.2.50xc866No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.562288046 CET1.1.1.1192.168.2.50xc866No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.562288046 CET1.1.1.1192.168.2.50xc866No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.562288046 CET1.1.1.1192.168.2.50xc866No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.635169983 CET1.1.1.1192.168.2.50xf62aNo error (0)twitter.com104.244.42.193A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.719866037 CET1.1.1.1192.168.2.50xd855No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.719866037 CET1.1.1.1192.168.2.50xd855No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.719866037 CET1.1.1.1192.168.2.50xd855No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Type | Class | DNS over HTTPS
Dec 16, 2024 13:52:48.719866037 CET | 1.1.1.1 | 192.168.2.5 | 0xd855 | No error (0) | reddit.map.fastly.net | 151.101.193.140 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:53:03.448277950 CET | 1.1.1.1 | 192.168.2.5 | 0x69ab | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:53:03.448277950 CET | 1.1.1.1 | 192.168.2.5 | 0x69ab | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:53:03.538058996 CET | 1.1.1.1 | 192.168.2.5 | 0x7551 | No error (0) | services.addons.mozilla.org | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:53:03.538058996 CET | 1.1.1.1 | 192.168.2.5 | 0x7551 | No error (0) | services.addons.mozilla.org | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:53:03.538058996 CET | 1.1.1.1 | 192.168.2.5 | 0x7551 | No error (0) | services.addons.mozilla.org | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:53:03.538058996 CET | 1.1.1.1 | 192.168.2.5 | 0x7551 | No error (0) | services.addons.mozilla.org | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:53:03.647625923 CET | 1.1.1.1 | 192.168.2.5 | 0x5619 | No error (0) | normandy.cdn.mozilla.net | normandy-cdn.services.mozilla.com | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:53:03.647625923 CET | 1.1.1.1 | 192.168.2.5 | 0x5619 | No error (0) | normandy-cdn.services.mozilla.com | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:53:03.679171085 CET | 1.1.1.1 | 192.168.2.5 | 0xa96c | No error (0) | services.addons.mozilla.org | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:53:03.679171085 CET | 1.1.1.1 | 192.168.2.5 | 0xa96c | No error (0) | services.addons.mozilla.org | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:53:03.679171085 CET | 1.1.1.1 | 192.168.2.5 | 0xa96c | No error (0) | services.addons.mozilla.org | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:53:03.679171085 CET | 1.1.1.1 | 192.168.2.5 | 0xa96c | No error (0) | services.addons.mozilla.org | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:53:03.702183008 CET | 1.1.1.1 | 192.168.2.5 | 0xb1f8 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:53:03.842063904 CET | 1.1.1.1 | 192.168.2.5 | 0x3a5 | No error (0) | normandy-cdn.services.mozilla.com | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:53:03.899827003 CET | 1.1.1.1 | 192.168.2.5 | 0xbd3b | No error (0) | services.addons.mozilla.org | | 28 | IN (0x0001) | false
Dec 16, 2024 13:53:03.899827003 CET | 1.1.1.1 | 192.168.2.5 | 0xbd3b | No error (0) | services.addons.mozilla.org | | 28 | IN (0x0001) | false
Dec 16, 2024 13:53:03.899827003 CET | 1.1.1.1 | 192.168.2.5 | 0xbd3b | No error (0) | services.addons.mozilla.org | | 28 | IN (0x0001) | false
Dec 16, 2024 13:53:03.899827003 CET | 1.1.1.1 | 192.168.2.5 | 0xbd3b | No error (0) | services.addons.mozilla.org | | 28 | IN (0x0001) | false
Dec 16, 2024 13:53:06.299349070 CET | 1.1.1.1 | 192.168.2.5 | 0xf60c | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:53:06.299349070 CET | 1.1.1.1 | 192.168.2.5 | 0xf60c | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:54:04.199883938 CET | 1.1.1.1 | 192.168.2.5 | 0x6ba9 | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:54:05.568151951 CET | 1.1.1.1 | 192.168.2.5 | 0x24fa | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:54:05.568151951 CET | 1.1.1.1 | 192.168.2.5 | 0x24fa | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:55:25.598984957 CET | 1.1.1.1 | 192.168.2.5 | 0x14cd | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:55:25.738954067 CET | 1.1.1.1 | 192.168.2.5 | 0xf7aa | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:55:27.102807045 CET | 1.1.1.1 | 192.168.2.5 | 0x6293 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:55:27.102807045 CET | 1.1.1.1 | 192.168.2.5 | 0x6293 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
• detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49713 | 34.107.221.82 | 80 | 2300 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 13:52:35.996392965 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Dec 16, 2024 13:52:37.081736088 CET | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Sun, 15 Dec 2024 14:40:27 GMT
    Age: 79929
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49722 | 34.107.221.82 | 80 | 2300 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 13:52:38.746074915 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
Dec 16, 2024 13:52:39.835170984 CET | 215 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 8
    Via: 1.1 google
    Date: Mon, 16 Dec 2024 10:09:59 GMT
    Age: 9760
    Content-Type: text/plain
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 73 75 63 63 65 73 73 0a
    Data Ascii: success
Dec 16, 2024 13:52:40.156837940 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
Dec 16, 2024 13:52:40.473345995 CET | 215 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 8
    Via: 1.1 google
    Date: Mon, 16 Dec 2024 10:09:59 GMT
    Age: 9761
    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.217912912 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:43.532407045 CET215INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:59 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 9764
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.823802948 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:49.138190031 CET215INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:59 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 9769
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:51.351779938 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:51.667450905 CET215INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:59 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 9772
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:01.678863049 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:02.737615108 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:03.052331924 CET215INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:59 GMT
Age: 9783
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 13:53:04.857121944 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 13:53:05.181653976 CET  215  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:59 GMT
Age: 9786
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 13:53:05.198729038 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 13:53:05.515983105 CET  215  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:59 GMT
Age: 9786
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 13:53:06.386018038 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 13:53:06.701128006 CET  215  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:59 GMT
Age: 9787
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 13:53:16.706865072 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 16, 2024 13:53:24.079916000 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 13:53:24.394457102 CET  215  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Mon, 16 Dec 2024 10:09:59 GMT
Age: 9805
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 13:53:34.409939051 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 16, 2024 13:53:34.624926090 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 13:53:34.939537048 CET  215  IN  HTTP/1.1 200 OK
Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:59 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 9815
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:44.940989017 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:55.069844007 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:05.196959972 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:05.747250080 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:06.061353922 CET215INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:59 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 9846
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:16.066625118 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:26.189578056 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:36.323101044 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:46.445830107 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:55:27.282378912 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:55:27.597274065 CET215INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Mon, 16 Dec 2024 10:09:59 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 9928
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49725 | 34.107.221.82 | 80 | 2300 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 13:52:39.070096016 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Dec 16, 2024 13:52:40.153140068 CET | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Sun, 15 Dec 2024 21:29:38 GMT
    Age: 55381
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:52:42.339473963 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:42.654526949 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 55384
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.397241116 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:48.711508036 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 55390
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:50.605179071 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:52:50.919637918 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 55392
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:00.939016104 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:02.394956112 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:02.733953953 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 55404
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:53:04.540085077 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 13:53:04.854094982 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 21:29:38 GMT
Age: 55406
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:53:04.881426096 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 13:53:05.195626974 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 21:29:38 GMT
Age: 55407
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:53:06.068509102 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 13:53:06.382673025 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 21:29:38 GMT
Age: 55408
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:53:16.383783102 CET 6 OUT Data Raw: 00
Data Ascii:
Dec 16, 2024 13:53:23.762171984 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 13:53:24.076572895 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 21:29:38 GMT
Age: 55425
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 13:53:34.086891890 CET 6 OUT Data Raw: 00
Data Ascii:
Dec 16, 2024 13:53:34.303628922 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 13:53:34.620541096 CET 298 IN HTTP/1.1 200 OK
Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 55436
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:44.640028000 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:53:54.768973112 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:04.896003962 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:05.429047108 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:05.742763042 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 55467
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:15.749998093 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:25.872936964 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:36.001125097 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:54:46.129340887 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:55:26.963943005 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 13:55:27.278315067 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 21:29:38 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 55549
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Target ID: 0
Start time: 07:52:26
Start date: 16/12/2024
Path: C:\Users\user\Desktop\fNlxQP0jBz.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\fNlxQP0jBz.exe"
Imagebase: 0x3c0000
File size: 964'608 bytes
MD5 hash: 687BBF73E7B900FF5D46C6C2D23C6A40
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 2
Start time: 07:52:27
Start date: 16/12/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM firefox.exe /T
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0xc90000
                                                                                                                                                                                                                                                                                                                                                    File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                                                                                                                                                                                    Start time:07:52:27
                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:4
                                                                                                                                                                                                                                                                                                                                                    Start time:07:52:29
                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                    Commandline:taskkill /F /IM chrome.exe /T
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0xc90000
                                                                                                                                                                                                                                                                                                                                                    File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:5
                                                                                                                                                                                                                                                                                                                                                    Start time:07:52:29
                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                                                                                                                                                                                    Start time:07:52:29
                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                    Commandline:taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0xc90000
                                                                                                                                                                                                                                                                                                                                                    File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:7
                                                                                                                                                                                                                                                                                                                                                    Start time:07:52:29
                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:07:52:30
Start date:16/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM opera.exe /T
Imagebase:0xc90000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:07:52:30
Start date:16/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:07:52:30
Start date:16/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM brave.exe /T
Imagebase:0xc90000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:11
Start time:07:52:30
Start date:16/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:12
Start time:07:52:30
Start date:16/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:07:52:30
Start date:16/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:14
Start time:07:52:30
Start date:16/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:16
Start time:07:52:32
Start date:16/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2188 -parentBuildID 20230927232528 -prefsHandle 2108 -prefMapHandle 2100 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12907ec4-232e-4d05-b7ce-d91f899773f5} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" 1d9a636ed10 socket
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:17
Start time:07:52:33
Start date:16/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2976 -parentBuildID 20230927232528 -prefsHandle 2704 -prefMapHandle 2700 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f38d267-c9b2-44d4-9744-10d37a4fa31f} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" 1d9b6f50a10 rdd
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:18
Start time:07:52:38
Start date:16/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5064 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5012 -prefMapHandle 5000 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f627ac23-b8c5-4c14-adf9-e863221972c9} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" 1d9b8573110 utility
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false


Execution Graph

Execution Coverage:2.6%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:6.2%
Total number of Nodes:1784
Total number of Limit Nodes:47
execution_graph: rendered call-graph node and edge data (not recoverable as text). API calls referenced by graph nodes include CreateProcessW, CreateToolhelp32Snapshot, Process32FirstW, GetCurrentDirectoryW, GetSystemDirectoryW, RtlAllocateHeap, RaiseException, timeGetTime, Sleep, lstrlenW, VariantClear, CloseHandle, EnterCriticalSection, LeaveCriticalSection, SetEvent, ResetEvent and WaitForSingleObjectEx.
GetLastError 95576->95582 95577 44b328 95577->95576 95583 44b191 _wcslen 95578->95583 95580 44b43f 95579->95580 95592 44b49a 95579->95592 95584 44b446 CloseHandle 95580->95584 95585 44b451 95580->95585 95591 44b41a 95582->95591 95583->95538 95583->95564 95584->95585 95586 44b463 95585->95586 95587 44b458 CloseHandle 95585->95587 95589 44b475 95586->95589 95590 44b46a CloseHandle 95586->95590 95587->95586 95588 44b4a6 95588->95591 95620 4309d9 34 API calls 95589->95620 95590->95589 95603 430175 95591->95603 95592->95588 95597 44b4d2 CloseHandle 95592->95597 95596 44b486 95621 44b536 25 API calls 95596->95621 95597->95591 95600 3c762a _wcslen 95599->95600 95601 3dfe0b 22 API calls 95600->95601 95602 3c763f 95601->95602 95602->95526 95622 43030f 95603->95622 95607 3cb578 95606->95607 95608 3cb57f 95606->95608 95607->95608 95635 3e62d1 39 API calls _strftime 95607->95635 95608->95515 95610 3cb5c2 95610->95515 95611->95546 95612->95552 95613->95542 95614->95559 95615->95565 95616->95575 95617->95563 95618->95577 95619->95576 95620->95596 95621->95592 95623 430321 CloseHandle 95622->95623 95624 430329 95622->95624 95623->95624 95625 430336 95624->95625 95626 43032e CloseHandle 95624->95626 95627 430343 95625->95627 95628 43033b CloseHandle 95625->95628 95626->95625 95629 430350 95627->95629 95630 430348 CloseHandle 95627->95630 95628->95627 95631 430355 CloseHandle 95629->95631 95632 43035d 95629->95632 95630->95629 95631->95632 95633 430362 CloseHandle 95632->95633 95634 43017d 95632->95634 95633->95634 95634->95252 95635->95610 95637 42dc06 95636->95637 95638 42dbdc GetFileAttributesW 95636->95638 95637->95430 95638->95637 95639 42dbe8 FindFirstFileW 95638->95639 95639->95637 95640 42dbf9 FindClose 95639->95640 95640->95637 95651 42def7 95641->95651 95643 42d5db CloseHandle 95643->95442 95644 42d529 Process32NextW 95644->95643 95650 42d522 95644->95650 95645 3ca961 22 API calls 95645->95650 95646 3c9cb3 22 API calls 95646->95650 95650->95643 95650->95644 95650->95645 
95650->95646 95657 3c525f 22 API calls 95650->95657 95658 3c6350 22 API calls 95650->95658 95659 3dce60 41 API calls 95650->95659 95655 42df02 95651->95655 95652 42df19 95661 3e62fb 39 API calls _strftime 95652->95661 95655->95652 95656 42df1f 95655->95656 95660 3e63b2 GetStringTypeW _strftime 95655->95660 95656->95650 95657->95650 95658->95650 95659->95650 95660->95655 95661->95656 95663 3cb01b 95662->95663 95664 40fb4d 95663->95664 95669 3cb023 ISource 95663->95669 95665 3dfddb 22 API calls 95664->95665 95667 40fb59 95665->95667 95666 3cb02a 95666->95452 95669->95666 95670 3cb090 95669->95670 95671 3cb09b ISource 95670->95671 95672 3dce17 22 API calls 95671->95672 95673 3cb0d6 ISource 95671->95673 95672->95673 95673->95669 95675 3cae01 95674->95675 95678 3cae1c ISource 95674->95678 95676 3caec9 22 API calls 95675->95676 95677 3cae09 CharUpperBuffW 95676->95677 95677->95678 95678->95279 95680 3cacae 95679->95680 95681 3cacd1 95680->95681 95725 43359c 82 API calls __wsopen_s 95680->95725 95681->95332 95684 40fadb 95683->95684 95685 3cad92 95683->95685 95686 3dfddb 22 API calls 95685->95686 95687 3cad99 95686->95687 95726 3cadcd 95687->95726 95690->95333 95691->95284 95692->95322 95693->95297 95694->95322 95695->95322 95696->95332 95697->95332 95698->95332 95699->95332 95739 3cbbe0 95700->95739 95702 3ca9a3 95703 40f8c8 95702->95703 95704 3ca9b1 95702->95704 95705 3caceb 23 API calls 95703->95705 95706 3dfddb 22 API calls 95704->95706 95707 40f8d3 95705->95707 95708 3ca9c2 95706->95708 95709 3ca961 22 API calls 95708->95709 95710 3ca9cc 95709->95710 95711 3ca9db 95710->95711 95747 3ca8c7 22 API calls __fread_nolock 95710->95747 95712 3dfddb 22 API calls 95711->95712 95714 3ca9e5 95712->95714 95748 3ca869 40 API calls 95714->95748 95716 3caa09 95716->95332 95718 3ca826 95717->95718 95719 3ca993 41 API calls 95718->95719 95720 3ca855 95718->95720 95719->95720 95720->95311 95721->95322 95722->95318 95723->95319 95724->95322 95725->95681 95732 3caddd 95726->95732 95727 
3cadb6 95727->95332 95728 3dfddb 22 API calls 95728->95732 95731 3cadcd 22 API calls 95731->95732 95732->95727 95732->95728 95732->95731 95733 3ca961 95732->95733 95738 3ca8c7 22 API calls __fread_nolock 95732->95738 95734 3dfe0b 22 API calls 95733->95734 95735 3ca976 95734->95735 95736 3dfddb 22 API calls 95735->95736 95737 3ca984 95736->95737 95737->95732 95738->95732 95740 3cbe27 95739->95740 95745 3cbbf3 95739->95745 95740->95702 95742 3ca961 22 API calls 95742->95745 95743 3cbc9d 95743->95702 95745->95742 95745->95743 95749 3e0242 5 API calls __Init_thread_wait 95745->95749 95750 3e00a3 29 API calls __onexit 95745->95750 95751 3e01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95745->95751 95747->95711 95748->95716 95749->95745 95750->95745 95751->95745 95752->95343 95753->95343 95754->95342 95755->95346 95756->95362 95757 412a00 95773 3cd7b0 ISource 95757->95773 95758 3cdb11 PeekMessageW 95758->95773 95759 3cd807 GetInputState 95759->95758 95759->95773 95761 411cbe TranslateAcceleratorW 95761->95773 95762 3cda04 timeGetTime 95762->95773 95763 3cdb8f PeekMessageW 95763->95773 95764 3cdb73 TranslateMessage DispatchMessageW 95764->95763 95765 3cdbaf Sleep 95765->95773 95766 412b74 Sleep 95783 412a51 95766->95783 95769 411dda timeGetTime 95825 3de300 23 API calls 95769->95825 95771 42d4dc 47 API calls 95771->95783 95772 412c0b GetExitCodeProcess 95777 412c21 WaitForSingleObject 95772->95777 95778 412c37 CloseHandle 95772->95778 95773->95758 95773->95759 95773->95761 95773->95762 95773->95763 95773->95764 95773->95765 95773->95766 95773->95769 95776 3cd9d5 95773->95776 95773->95783 95785 3cec40 348 API calls 95773->95785 95786 3d1310 348 API calls 95773->95786 95787 3cbf40 348 API calls 95773->95787 95789 3cdd50 95773->95789 95796 3cdfd0 95773->95796 95819 3dedf6 95773->95819 95824 3de551 timeGetTime 95773->95824 95826 433a2a 23 API calls 95773->95826 95827 43359c 82 API calls __wsopen_s 95773->95827 95774 4529bf GetForegroundWindow 95774->95783 
95777->95773 95777->95778 95778->95783 95779 412ca9 Sleep 95779->95773 95783->95771 95783->95772 95783->95773 95783->95774 95783->95776 95783->95779 95828 445658 23 API calls 95783->95828 95829 42e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 95783->95829 95830 3de551 timeGetTime 95783->95830 95785->95773 95786->95773 95787->95773 95790 3cdd6f 95789->95790 95791 3cdd83 95789->95791 95831 3cd260 95790->95831 95863 43359c 82 API calls __wsopen_s 95791->95863 95794 3cdd7a 95794->95773 95795 412f75 95795->95795 95798 3ce010 95796->95798 95797 3cec40 348 API calls 95812 3ce0dc ISource 95797->95812 95798->95812 95872 3e0242 5 API calls __Init_thread_wait 95798->95872 95801 412fca 95803 3ca961 22 API calls 95801->95803 95801->95812 95802 3ca961 22 API calls 95802->95812 95804 412fe4 95803->95804 95873 3e00a3 29 API calls __onexit 95804->95873 95805 3ca81b 41 API calls 95805->95812 95808 412fee 95874 3e01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95808->95874 95812->95797 95812->95802 95812->95805 95814 43359c 82 API calls 95812->95814 95815 3ce3e1 95812->95815 95816 3d04f0 22 API calls 95812->95816 95870 3ca8c7 22 API calls __fread_nolock 95812->95870 95871 3da308 348 API calls 95812->95871 95875 3e0242 5 API calls __Init_thread_wait 95812->95875 95876 3e00a3 29 API calls __onexit 95812->95876 95877 3e01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95812->95877 95878 4447d4 348 API calls 95812->95878 95879 4468c1 348 API calls 95812->95879 95814->95812 95815->95773 95816->95812 95820 3dee09 95819->95820 95821 3dee12 95819->95821 95820->95773 95821->95820 95822 3dee36 IsDialogMessageW 95821->95822 95823 41efaf GetClassLongW 95821->95823 95822->95820 95822->95821 95823->95821 95823->95822 95824->95773 95825->95773 95826->95773 95827->95773 95828->95783 95829->95783 95830->95783 95832 3cec40 348 API calls 95831->95832 95852 3cd29d 95832->95852 95833 411bc4 95869 43359c 82 API calls 
__wsopen_s 95833->95869 95835 3cd30b ISource 95835->95794 95836 3cd3c3 95838 3cd3ce 95836->95838 95839 3cd6d5 95836->95839 95837 3cd5ff 95840 411bb5 95837->95840 95841 3cd614 95837->95841 95843 3dfddb 22 API calls 95838->95843 95839->95835 95846 3dfe0b 22 API calls 95839->95846 95868 445705 23 API calls 95840->95868 95845 3dfddb 22 API calls 95841->95845 95842 3cd4b8 95847 3dfe0b 22 API calls 95842->95847 95850 3cd3d5 __fread_nolock 95843->95850 95856 3cd46a 95845->95856 95846->95850 95854 3cd429 ISource __fread_nolock 95847->95854 95848 3dfddb 22 API calls 95849 3cd3f6 95848->95849 95849->95854 95864 3cbec0 348 API calls 95849->95864 95850->95848 95850->95849 95851 3dfddb 22 API calls 95851->95852 95852->95833 95852->95835 95852->95836 95852->95839 95852->95842 95852->95851 95852->95854 95854->95837 95855 411ba4 95854->95855 95854->95856 95858 3c1f6f 348 API calls 95854->95858 95859 411b7f 95854->95859 95861 411b5d 95854->95861 95867 43359c 82 API calls __wsopen_s 95855->95867 95856->95794 95858->95854 95866 43359c 82 API calls __wsopen_s 95859->95866 95865 43359c 82 API calls __wsopen_s 95861->95865 95863->95795 95864->95854 95865->95856 95866->95856 95867->95856 95868->95833 95869->95835 95870->95812 95871->95812 95872->95801 95873->95808 95874->95812 95875->95812 95876->95812 95877->95812 95878->95812 95879->95812 95880 402402 95883 3c1410 95880->95883 95884 3c144f mciSendStringW 95883->95884 95885 4024b8 DestroyWindow 95883->95885 95886 3c146b 95884->95886 95887 3c16c6 95884->95887 95898 4024c4 95885->95898 95888 3c1479 95886->95888 95886->95898 95887->95886 95889 3c16d5 UnregisterHotKey 95887->95889 95916 3c182e 95888->95916 95889->95887 95891 4024e2 FindClose 95891->95898 95892 4024d8 95892->95898 95922 3c6246 CloseHandle 95892->95922 95894 402509 95897 40251c FreeLibrary 95894->95897 95899 40252d 95894->95899 95896 3c148e 95896->95899 95904 3c149c 95896->95904 95897->95894 95898->95891 95898->95892 95898->95894 95900 402541 VirtualFree 95899->95900 95907 
3c1509 95899->95907 95900->95899 95901 3c14f8 CoUninitialize 95901->95907 95902 3c1514 95906 3c1524 95902->95906 95903 402589 95909 402598 ISource 95903->95909 95923 4332eb 6 API calls ISource 95903->95923 95904->95901 95920 3c1944 VirtualFreeEx CloseHandle 95906->95920 95907->95902 95907->95903 95912 402627 95909->95912 95924 4264d4 22 API calls ISource 95909->95924 95911 3c153a 95911->95909 95913 3c161f 95911->95913 95912->95912 95913->95912 95921 3c1876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 95913->95921 95915 3c16c1 95918 3c183b 95916->95918 95917 3c1480 95917->95894 95917->95896 95918->95917 95925 42702a 22 API calls 95918->95925 95920->95911 95921->95915 95922->95892 95923->95903 95924->95909 95925->95918 96896 3c1098 96901 3c42de 96896->96901 96900 3c10a7 96902 3ca961 22 API calls 96901->96902 96903 3c42f5 GetVersionExW 96902->96903 96904 3c6b57 22 API calls 96903->96904 96905 3c4342 96904->96905 96906 3c93b2 22 API calls 96905->96906 96918 3c4378 96905->96918 96907 3c436c 96906->96907 96909 3c37a0 22 API calls 96907->96909 96908 3c441b GetCurrentProcess IsWow64Process 96910 3c4437 96908->96910 96909->96918 96911 3c444f LoadLibraryA 96910->96911 96912 403824 GetSystemInfo 96910->96912 96913 3c449c GetSystemInfo 96911->96913 96914 3c4460 GetProcAddress 96911->96914 96917 3c4476 96913->96917 96914->96913 96916 3c4470 GetNativeSystemInfo 96914->96916 96915 4037df 96916->96917 96919 3c447a FreeLibrary 96917->96919 96920 3c109d 96917->96920 96918->96908 96918->96915 96919->96920 96921 3e00a3 29 API calls __onexit 96920->96921 96921->96900 95926 3e03fb 95927 3e0407 ___DestructExceptionObject 95926->95927 95955 3dfeb1 95927->95955 95929 3e040e 95930 3e0561 95929->95930 95933 3e0438 95929->95933 95985 3e083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 95930->95985 95932 3e0568 95978 3e4e52 95932->95978 95944 3e0477 ___scrt_is_nonwritable_in_current_image 
___scrt_release_startup_lock 95933->95944 95966 3f247d 95933->95966 95940 3e0457 95943 3e04de 95947 3e04f3 95943->95947 95946 3e04d8 95944->95946 95981 3e4e1a 38 API calls 2 library calls 95944->95981 95974 3e0959 95946->95974 95982 3e0992 GetModuleHandleW 95947->95982 95949 3e04fa 95949->95932 95950 3e04fe 95949->95950 95951 3e0507 95950->95951 95983 3e4df5 28 API calls _abort 95950->95983 95984 3e0040 13 API calls 2 library calls 95951->95984 95954 3e050f 95954->95940 95956 3dfeba 95955->95956 95987 3e0698 IsProcessorFeaturePresent 95956->95987 95958 3dfec6 95988 3e2c94 10 API calls 3 library calls 95958->95988 95960 3dfecf 95960->95929 95961 3dfecb 95961->95960 95989 3f2317 95961->95989 95964 3dfee6 95964->95929 95969 3f2494 95966->95969 95967 3e0a8c CatchGuardHandler 5 API calls 95968 3e0451 95967->95968 95968->95940 95970 3f2421 95968->95970 95969->95967 95973 3f2450 95970->95973 95971 3e0a8c CatchGuardHandler 5 API calls 95972 3f2479 95971->95972 95972->95944 95973->95971 96064 3e2340 95974->96064 95977 3e097f 95977->95943 96066 3e4bcf 95978->96066 95981->95946 95982->95949 95983->95951 95984->95954 95985->95932 95987->95958 95988->95961 95993 3fd1f6 95989->95993 95992 3e2cbd 8 API calls 3 library calls 95992->95960 95996 3fd213 95993->95996 95997 3fd20f 95993->95997 95995 3dfed8 95995->95964 95995->95992 95996->95997 95999 3f4bfb 95996->95999 96011 3e0a8c 95997->96011 96000 3f4c07 ___DestructExceptionObject 95999->96000 96018 3f2f5e EnterCriticalSection 96000->96018 96002 3f4c0e 96019 3f50af 96002->96019 96004 3f4c1d 96005 3f4c2c 96004->96005 96032 3f4a8f 29 API calls 96004->96032 96034 3f4c48 LeaveCriticalSection _abort 96005->96034 96008 3f4c27 96033 3f4b45 GetStdHandle GetFileType 96008->96033 96009 3f4c3d __fread_nolock 96009->95996 96012 3e0a97 IsProcessorFeaturePresent 96011->96012 96013 3e0a95 96011->96013 96015 3e0c5d 96012->96015 96013->95995 96063 3e0c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 
96015->96063 96017 3e0d40 96017->95995 96018->96002 96020 3f50bb ___DestructExceptionObject 96019->96020 96021 3f50df 96020->96021 96022 3f50c8 96020->96022 96035 3f2f5e EnterCriticalSection 96021->96035 96043 3ef2d9 20 API calls __dosmaperr 96022->96043 96025 3f50cd 96044 3f27ec 26 API calls __fread_nolock 96025->96044 96027 3f50d7 __fread_nolock 96027->96004 96028 3f5117 96045 3f513e LeaveCriticalSection _abort 96028->96045 96029 3f50eb 96029->96028 96036 3f5000 96029->96036 96032->96008 96033->96005 96034->96009 96035->96029 96046 3f4c7d 96036->96046 96038 3f501f 96054 3f29c8 96038->96054 96040 3f5012 96040->96038 96053 3f3405 11 API calls 2 library calls 96040->96053 96042 3f5071 96042->96029 96043->96025 96044->96027 96045->96027 96050 3f4c8a __dosmaperr 96046->96050 96047 3f4cca 96061 3ef2d9 20 API calls __dosmaperr 96047->96061 96048 3f4cb5 RtlAllocateHeap 96049 3f4cc8 96048->96049 96048->96050 96049->96040 96050->96047 96050->96048 96060 3e4ead 7 API calls 2 library calls 96050->96060 96053->96040 96055 3f29d3 RtlFreeHeap 96054->96055 96056 3f29fc __dosmaperr 96054->96056 96055->96056 96057 3f29e8 96055->96057 96056->96042 96062 3ef2d9 20 API calls __dosmaperr 96057->96062 96059 3f29ee GetLastError 96059->96056 96060->96050 96061->96049 96062->96059 96063->96017 96065 3e096c GetStartupInfoW 96064->96065 96065->95977 96067 3e4bdb _abort 96066->96067 96068 3e4bf4 96067->96068 96069 3e4be2 96067->96069 96090 3f2f5e EnterCriticalSection 96068->96090 96105 3e4d29 GetModuleHandleW 96069->96105 96072 3e4be7 96072->96068 96106 3e4d6d GetModuleHandleExW 96072->96106 96073 3e4c99 96094 3e4cd9 96073->96094 96077 3e4bfb 96077->96073 96079 3e4c70 96077->96079 96091 3f21a8 96077->96091 96080 3e4c88 96079->96080 96085 3f2421 _abort 5 API calls 96079->96085 96086 3f2421 _abort 5 API calls 96080->96086 96081 3e4cb6 96097 3e4ce8 96081->96097 96082 3e4ce2 96114 401d29 5 API calls CatchGuardHandler 96082->96114 96085->96080 96086->96073 96090->96077 96115 3f1ee1 96091->96115 
96134 3f2fa6 LeaveCriticalSection 96094->96134 96096 3e4cb2 96096->96081 96096->96082 96135 3f360c 96097->96135 96100 3e4d16 96103 3e4d6d _abort 8 API calls 96100->96103 96101 3e4cf6 GetPEB 96101->96100 96102 3e4d06 GetCurrentProcess TerminateProcess 96101->96102 96102->96100 96104 3e4d1e ExitProcess 96103->96104 96105->96072 96107 3e4dba 96106->96107 96108 3e4d97 GetProcAddress 96106->96108 96110 3e4dc9 96107->96110 96111 3e4dc0 FreeLibrary 96107->96111 96109 3e4dac 96108->96109 96109->96107 96112 3e0a8c CatchGuardHandler 5 API calls 96110->96112 96111->96110 96113 3e4bf3 96112->96113 96113->96068 96118 3f1e90 96115->96118 96117 3f1f05 96117->96079 96119 3f1e9c ___DestructExceptionObject 96118->96119 96126 3f2f5e EnterCriticalSection 96119->96126 96121 3f1eaa 96127 3f1f31 96121->96127 96125 3f1ec8 __fread_nolock 96125->96117 96126->96121 96128 3f1f51 96127->96128 96131 3f1f59 96127->96131 96129 3e0a8c CatchGuardHandler 5 API calls 96128->96129 96130 3f1eb7 96129->96130 96133 3f1ed5 LeaveCriticalSection _abort 96130->96133 96131->96128 96132 3f29c8 _free 20 API calls 96131->96132 96132->96128 96133->96125 96134->96096 96136 3f3627 96135->96136 96137 3f3631 96135->96137 96139 3e0a8c CatchGuardHandler 5 API calls 96136->96139 96142 3f2fd7 5 API calls 2 library calls 96137->96142 96140 3e4cf2 96139->96140 96140->96100 96140->96101 96141 3f3648 96141->96136 96142->96141 96922 3df698 96923 3df6c3 96922->96923 96924 3df6a2 96922->96924 96930 41f2f8 96923->96930 96939 424d4a 22 API calls ISource 96923->96939 96931 3caf8a 96924->96931 96926 3df6b2 96928 3caf8a 22 API calls 96926->96928 96929 3df6c2 96928->96929 96932 3caf98 96931->96932 96936 3cafc0 ISource 96931->96936 96933 3cafa6 96932->96933 96934 3caf8a 22 API calls 96932->96934 96935 3cafac 96933->96935 96937 3caf8a 22 API calls 96933->96937 96934->96933 96935->96936 96938 3cb090 22 API calls 96935->96938 96936->96926 96937->96935 96938->96936 96939->96923 96940 402ba5 96941 3c2b25 96940->96941 96942 402baf 
96940->96942 96968 3c2b83 7 API calls 96941->96968 96944 3c3a5a 24 API calls 96942->96944 96946 402bb8 96944->96946 96948 3c9cb3 22 API calls 96946->96948 96950 402bc6 96948->96950 96949 3c2b2f 96956 3c2b44 96949->96956 96972 3c3837 96949->96972 96951 402bf5 96950->96951 96952 402bce 96950->96952 96954 3c33c6 22 API calls 96951->96954 96986 3c33c6 96952->96986 96958 402bf1 GetForegroundWindow ShellExecuteW 96954->96958 96961 3c2b5f 96956->96961 96982 3c30f2 96956->96982 96963 402c26 96958->96963 96965 3c2b66 SetCurrentDirectoryW 96961->96965 96962 402be7 96966 3c33c6 22 API calls 96962->96966 96963->96961 96967 3c2b7a 96965->96967 96966->96958 96996 3c2cd4 7 API calls 96968->96996 96970 3c2b2a 96971 3c2c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 96970->96971 96971->96949 96973 3c3862 ___scrt_fastfail 96972->96973 96997 3c4212 96973->96997 96976 3c38e8 96978 403386 Shell_NotifyIconW 96976->96978 96979 3c3906 Shell_NotifyIconW 96976->96979 97001 3c3923 96979->97001 96981 3c391c 96981->96956 96983 3c3154 96982->96983 96984 3c3104 ___scrt_fastfail 96982->96984 96983->96961 96985 3c3123 Shell_NotifyIconW 96984->96985 96985->96983 96987 3c33dd 96986->96987 96988 4030bb 96986->96988 97027 3c33ee 96987->97027 96990 3dfddb 22 API calls 96988->96990 96992 4030c5 _wcslen 96990->96992 96991 3c33e8 96995 3c6350 22 API calls 96991->96995 96993 3dfe0b 22 API calls 96992->96993 96994 4030fe __fread_nolock 96993->96994 96995->96962 96996->96970 96998 4035a4 96997->96998 96999 3c38b7 96997->96999 96998->96999 97000 4035ad DestroyIcon 96998->97000 96999->96976 97023 42c874 42 API calls _strftime 96999->97023 97000->96999 97002 3c393f 97001->97002 97021 3c3a13 97001->97021 97003 3c6270 22 API calls 97002->97003 97004 3c394d 97003->97004 97005 403393 LoadStringW 97004->97005 97006 3c395a 97004->97006 97008 4033ad 97005->97008 97007 3c6b57 22 API calls 97006->97007 97009 3c396f 97007->97009 97016 3c3994 ___scrt_fastfail 97008->97016 97025 3ca8c7 22 API calls __fread_nolock 
97008->97025 97010 3c397c 97009->97010 97011 4033c9 97009->97011 97010->97008 97013 3c3986 97010->97013 97026 3c6350 22 API calls 97011->97026 97024 3c6350 22 API calls 97013->97024 97019 3c39f9 Shell_NotifyIconW 97016->97019 97017 4033d7 97017->97016 97018 3c33c6 22 API calls 97017->97018 97020 4033f9 97018->97020 97019->97021 97022 3c33c6 22 API calls 97020->97022 97021->96981 97022->97016 97023->96976 97024->97016 97025->97016 97026->97017 97028 3c33fe _wcslen 97027->97028 97029 40311d 97028->97029 97030 3c3411 97028->97030 97032 3dfddb 22 API calls 97029->97032 97037 3ca587 97030->97037 97034 403127 97032->97034 97033 3c341e __fread_nolock 97033->96991 97035 3dfe0b 22 API calls 97034->97035 97036 403157 __fread_nolock 97035->97036 97038 3ca59d 97037->97038 97041 3ca598 __fread_nolock 97037->97041 97039 3dfe0b 22 API calls 97038->97039 97040 40f80f 97038->97040 97039->97041 97041->97033 97042 3c105b 97047 3c344d 97042->97047 97044 3c106a 97078 3e00a3 29 API calls __onexit 97044->97078 97046 3c1074 97048 3c345d __wsopen_s 97047->97048 97049 3ca961 22 API calls 97048->97049 97050 3c3513 97049->97050 97051 3c3a5a 24 API calls 97050->97051 97052 3c351c 97051->97052 97079 3c3357 97052->97079 97055 3c33c6 22 API calls 97056 3c3535 97055->97056 97057 3c515f 22 API calls 97056->97057 97058 3c3544 97057->97058 97059 3ca961 22 API calls 97058->97059 97060 3c354d 97059->97060 97061 3ca6c3 22 API calls 97060->97061 97062 3c3556 RegOpenKeyExW 97061->97062 97063 403176 RegQueryValueExW 97062->97063 97067 3c3578 97062->97067 97064 403193 97063->97064 97065 40320c RegCloseKey 97063->97065 97066 3dfe0b 22 API calls 97064->97066 97065->97067 97077 40321e _wcslen 97065->97077 97068 4031ac 97066->97068 97067->97044 97070 3c5722 22 API calls 97068->97070 97069 3c4c6d 22 API calls 97069->97077 97071 4031b7 RegQueryValueExW 97070->97071 97072 4031d4 97071->97072 97074 4031ee ISource 97071->97074 97073 3c6b57 22 API calls 97072->97073 97073->97074 97074->97065 97075 3c9cb3 22 API calls 
97075->97077 97076 3c515f 22 API calls 97076->97077 97077->97067 97077->97069 97077->97075 97077->97076 97078->97046 97080 401f50 __wsopen_s 97079->97080 97081 3c3364 GetFullPathNameW 97080->97081 97082 3c3386 97081->97082 97083 3c6b57 22 API calls 97082->97083 97084 3c33a4 97083->97084 97084->97055 97085 3c3156 97088 3c3170 97085->97088 97089 3c3187 97088->97089 97090 3c318c 97089->97090 97091 3c31eb 97089->97091 97128 3c31e9 97089->97128 97095 3c3199 97090->97095 97096 3c3265 PostQuitMessage 97090->97096 97093 402dfb 97091->97093 97094 3c31f1 97091->97094 97092 3c31d0 DefWindowProcW 97130 3c316a 97092->97130 97143 3c18e2 10 API calls 97093->97143 97099 3c321d SetTimer RegisterWindowMessageW 97094->97099 97100 3c31f8 97094->97100 97097 3c31a4 97095->97097 97098 402e7c 97095->97098 97096->97130 97103 3c31ae 97097->97103 97104 402e68 97097->97104 97146 42bf30 34 API calls ___scrt_fastfail 97098->97146 97105 3c3246 CreatePopupMenu 97099->97105 97099->97130 97107 402d9c 97100->97107 97108 3c3201 KillTimer 97100->97108 97102 402e1c 97144 3de499 42 API calls 97102->97144 97110 3c31b9 97103->97110 97111 402e4d 97103->97111 97133 42c161 97104->97133 97105->97130 97113 402da1 97107->97113 97114 402dd7 MoveWindow 97107->97114 97115 3c30f2 Shell_NotifyIconW 97108->97115 97117 3c3253 97110->97117 97126 3c31c4 97110->97126 97111->97092 97145 420ad7 22 API calls 97111->97145 97112 402e8e 97112->97092 97112->97130 97118 402dc6 SetFocus 97113->97118 97119 402da7 97113->97119 97114->97130 97120 3c3214 97115->97120 97141 3c326f 44 API calls ___scrt_fastfail 97117->97141 97118->97130 97122 402db0 97119->97122 97119->97126 97140 3c3c50 DeleteObject DestroyWindow 97120->97140 97142 3c18e2 10 API calls 97122->97142 97125 3c3263 97125->97130 97126->97092 97129 3c30f2 Shell_NotifyIconW 97126->97129 97128->97092 97131 402e41 97129->97131 97132 3c3837 49 API calls 97131->97132 97132->97128 97134 42c276 97133->97134 97135 42c179 ___scrt_fastfail 97133->97135 97134->97130 97136 3c3923 24 API 
calls 97135->97136 97138 42c1a0 97136->97138 97137 42c25f KillTimer SetTimer 97137->97134 97138->97137 97139 42c251 Shell_NotifyIconW 97138->97139 97139->97137 97140->97130 97141->97125 97142->97130 97143->97102 97144->97126 97145->97128 97146->97112 96143 3c2e37 96144 3ca961 22 API calls 96143->96144 96145 3c2e4d 96144->96145 96222 3c4ae3 96145->96222 96147 3c2e6b 96236 3c3a5a 96147->96236 96149 3c2e7f 96150 3c9cb3 22 API calls 96149->96150 96151 3c2e8c 96150->96151 96243 3c4ecb 96151->96243 96154 402cb0 96281 432cf9 96154->96281 96155 3c2ead 96265 3ca8c7 22 API calls __fread_nolock 96155->96265 96157 402cc3 96158 402ccf 96157->96158 96307 3c4f39 96157->96307 96164 3c4f39 68 API calls 96158->96164 96160 3c2ec3 96266 3c6f88 22 API calls 96160->96266 96163 3c2ecf 96165 3c9cb3 22 API calls 96163->96165 96166 402ce5 96164->96166 96167 3c2edc 96165->96167 96313 3c3084 22 API calls 96166->96313 96168 3ca81b 41 API calls 96167->96168 96170 3c2eec 96168->96170 96172 3c9cb3 22 API calls 96170->96172 96171 402d02 96314 3c3084 22 API calls 96171->96314 96174 3c2f12 96172->96174 96176 3ca81b 41 API calls 96174->96176 96175 402d1e 96177 3c3a5a 24 API calls 96175->96177 96179 3c2f21 96176->96179 96178 402d44 96177->96178 96315 3c3084 22 API calls 96178->96315 96181 3ca961 22 API calls 96179->96181 96183 3c2f3f 96181->96183 96182 402d50 96316 3ca8c7 22 API calls __fread_nolock 96182->96316 96267 3c3084 22 API calls 96183->96267 96186 402d5e 96317 3c3084 22 API calls 96186->96317 96187 3c2f4b 96268 3e4a28 40 API calls 3 library calls 96187->96268 96189 402d6d 96318 3ca8c7 22 API calls __fread_nolock 96189->96318 96191 3c2f59 96191->96166 96192 3c2f63 96191->96192 96269 3e4a28 40 API calls 3 library calls 96192->96269 96195 402d83 96319 3c3084 22 API calls 96195->96319 96196 3c2f6e 96196->96171 96198 3c2f78 96196->96198 96270 3e4a28 40 API calls 3 library calls 96198->96270 96199 402d90 96201 3c2f83 96201->96175 96202 3c2f8d 96201->96202 96271 3e4a28 40 API calls 3 library calls 
96202->96271 96204 3c2f98 96205 3c2fdc 96204->96205 96272 3c3084 22 API calls 96204->96272 96205->96189 96206 3c2fe8 96205->96206 96206->96199 96275 3c63eb 22 API calls 96206->96275 96208 3c2fbf 96273 3ca8c7 22 API calls __fread_nolock 96208->96273 96211 3c2ff8 96276 3c6a50 22 API calls 96211->96276 96212 3c2fcd 96274 3c3084 22 API calls 96212->96274 96215 3c3006 96277 3c70b0 23 API calls 96215->96277 96219 3c3021 96220 3c3065 96219->96220 96278 3c6f88 22 API calls 96219->96278 96279 3c70b0 23 API calls 96219->96279 96280 3c3084 22 API calls 96219->96280 96223 3c4af0 __wsopen_s 96222->96223 96224 3c6b57 22 API calls 96223->96224 96225 3c4b22 96223->96225 96224->96225 96232 3c4b58 96225->96232 96320 3c4c6d 96225->96320 96227 3c9cb3 22 API calls 96229 3c4c52 96227->96229 96228 3c9cb3 22 API calls 96228->96232 96230 3c515f 22 API calls 96229->96230 96234 3c4c5e 96230->96234 96231 3c4c6d 22 API calls 96231->96232 96232->96228 96232->96231 96235 3c4c29 96232->96235 96323 3c515f 96232->96323 96234->96147 96235->96227 96235->96234 96329 401f50 96236->96329 96239 3c9cb3 22 API calls 96240 3c3a8d 96239->96240 96331 3c3aa2 96240->96331 96242 3c3a97 96242->96149 96351 3c4e90 LoadLibraryA 96243->96351 96248 3c4ef6 LoadLibraryExW 96359 3c4e59 LoadLibraryA 96248->96359 96249 403ccf 96250 3c4f39 68 API calls 96249->96250 96252 403cd6 96250->96252 96254 3c4e59 3 API calls 96252->96254 96256 403cde 96254->96256 96381 3c50f5 96256->96381 96257 3c4f20 96257->96256 96258 3c4f2c 96257->96258 96260 3c4f39 68 API calls 96258->96260 96262 3c2ea5 96260->96262 96262->96154 96262->96155 96264 403d05 96265->96160 96266->96163 96267->96187 96268->96191 96269->96196 96270->96201 96271->96204 96272->96208 96273->96212 96274->96205 96275->96211 96276->96215 96277->96219 96278->96219 96279->96219 96280->96219 96282 432d15 96281->96282 96283 3c511f 64 API calls 96282->96283 96284 432d29 96283->96284 96515 432e66 96284->96515 96287 3c50f5 40 API calls 96288 432d56 96287->96288 96289 3c50f5 40 API 
APIs
• GetVersionExW.KERNEL32(?), ref: 003C430D
  • Part of subcall function 003C6B57: _wcslen.LIBCMT ref: 003C6B6A
• GetCurrentProcess.KERNEL32(?,0045CB64,00000000,?,?), ref: 003C4422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 003C4429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 003C4454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 003C4466
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 003C4474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 003C447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 003C44A0
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: f8badfa60bd1d78dc1298e970b0113fbdbcacba06ab75befdb9a9ecc42ab585b
• Instruction ID: 7de1b85565d7b87def0ee6322afa03b0ff7aa5d6b932492fcb2adc9e654e971c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f8badfa60bd1d78dc1298e970b0113fbdbcacba06ab75befdb9a9ecc42ab585b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93A1836590A3C2DFE736CB6A78816A57FB86B36301B1448BFDC41D3A72D2354918CB2D

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                                                                                      control_flow_graph 1977 3c42a2-3c42ba CreateStreamOnHGlobal 1978 3c42bc-3c42d3 FindResourceExW 1977->1978 1979 3c42da-3c42dd 1977->1979 1980 3c42d9 1978->1980 1981 4035ba-4035c9 LoadResource 1978->1981 1980->1979 1981->1980 1982 4035cf-4035dd SizeofResource 1981->1982 1982->1980 1983 4035e3-4035ee LockResource 1982->1983 1983->1980 1984 4035f4-403612 1983->1984 1984->1980
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,003C50AA,?,?,00000000,00000000), ref: 003C42B2
                                                                                                                                                                                                                                                                                                                                                      • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,003C50AA,?,?,00000000,00000000), ref: 003C42C9
                                                                                                                                                                                                                                                                                                                                                      • LoadResource.KERNEL32(?,00000000,?,?,003C50AA,?,?,00000000,00000000,?,?,?,?,?,?,003C4F20), ref: 004035BE
                                                                                                                                                                                                                                                                                                                                                      • SizeofResource.KERNEL32(?,00000000,?,?,003C50AA,?,?,00000000,00000000,?,?,?,?,?,?,003C4F20), ref: 004035D3
                                                                                                                                                                                                                                                                                                                                                      • LockResource.KERNEL32(003C50AA,?,?,003C50AA,?,?,00000000,00000000,?,?,?,?,?,?,003C4F20,?), ref: 004035E6
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                                                                                                      • String ID: SCRIPT
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ddd15c9ac086109be906172e27637c05a312facf6ab0ecd0a3414cf3024fd1de
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f2b1e26083a41d6950ae832bb5e763be9948570d46c628352ef9902e8622bc72
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ddd15c9ac086109be906172e27637c05a312facf6ab0ecd0a3414cf3024fd1de
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 06115A70600700BFD7228B65DC89F277BB9EBC5B52F2045ADB806D66A0DB71DC00D761

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 003C2B6B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00491418,?,003C2E7F,?,?,?,00000000), ref: 003C3A78
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C9CB3: _wcslen.LIBCMT ref: 003C9CBD
                                                                                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32(runas,?,?,?,?,?,00482224), ref: 00402C10
                                                                                                                                                                                                                                                                                                                                                      • ShellExecuteW.SHELL32(00000000,?,?,00482224), ref: 00402C17
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: runas
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 448630720-4000483414
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 292c2f03986a152a39385efc3f6831112fc3685548421eca3f59235584d56a11
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: fc8e3f36ccd11c2bbd8d745b2f14bd8e0044f13c6d1e26b36d04de973ff3969a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 292c2f03986a152a39385efc3f6831112fc3685548421eca3f59235584d56a11
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3111A2312083416AC716FF60D895F6EBBA4AB95300F44843EF0429B0A3CF658D4A8756
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 0042D501
                                                                                                                                                                                                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 0042D50F
                                                                                                                                                                                                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 0042D52F
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0042D5DC
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
• String ID:
• API String ID: 420147892-0
• Opcode ID: baaad3fbceea6ef17b5c04e8caede695dade7dfb14fe12ac7df5762b23ce81e1
• Instruction ID: d977e088c3fc5a086c531507858f0fccdf98d66669f6d547dad121d1a53db4a6
• Opcode Fuzzy Hash: baaad3fbceea6ef17b5c04e8caede695dade7dfb14fe12ac7df5762b23ce81e1
• Instruction Fuzzy Hash: 50319271108300AFD301EF54D885FAFBBE8EF99344F50092EF581C61A1EB719984CB92

APIs
• lstrlenW.KERNEL32(?,00405222), ref: 0042DBCE
• GetFileAttributesW.KERNEL32(?), ref: 0042DBDD
• FindFirstFileW.KERNEL32(?,?), ref: 0042DBEE
• FindClose.KERNEL32(00000000), ref: 0042DBFA
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: FileFind$AttributesCloseFirstlstrlen
• String ID:
• API String ID: 2695905019-0
• Opcode ID: 4c7259df6fe0ceb769f2ecd26c5381091cfa3736fb8d04cbbfe19e8e6093c5db
• Instruction ID: 5b89c3d915638b7db968cd378e31e56890b63d818e652a576e6cc65fd29ef79b
• Opcode Fuzzy Hash: 4c7259df6fe0ceb769f2ecd26c5381091cfa3736fb8d04cbbfe19e8e6093c5db
• Instruction Fuzzy Hash: 43F0A030C10B205B82206B78AC4D8AB376C9E01336B944753F836D21E1EBB49955C69E

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
• Opcode ID: a2f1c8af13e8051ba01b8a8e928dca7bf55e58adf6164eb9decd8b9f95068e76
• Instruction ID: c5a22366f59e20ecf0af9cbb570c62046e9af1fe2236e276871a0e4354b4c5ea
• Opcode Fuzzy Hash: a2f1c8af13e8051ba01b8a8e928dca7bf55e58adf6164eb9decd8b9f95068e76
• Instruction Fuzzy Hash: 34D012F1C08218E9CB5096D0DC85AF9B37CFB19301F6084A3F81691441D63CD589A76B

APIs
• GetCurrentProcess.KERNEL32(003F28E9,?,003E4CBE,003F28E9,004888B8,0000000C,003E4E15,003F28E9,00000002,00000000,?,003F28E9), ref: 003E4D09
• TerminateProcess.KERNEL32(00000000,?,003E4CBE,003F28E9,004888B8,0000000C,003E4E15,003F28E9,00000002,00000000,?,003F28E9), ref: 003E4D10
• ExitProcess.KERNEL32 ref: 003E4D22
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: bcb8a115da4945ecf858f8ff032138e4b8e6d56c594feeb6cfcf727155887fc9
• Instruction ID: 0bb48f1eb1434e66616bf2feab588755a50ee3783ae3c8706eb0af80034255eb
• Opcode Fuzzy Hash: bcb8a115da4945ecf858f8ff032138e4b8e6d56c594feeb6cfcf727155887fc9
• Instruction Fuzzy Hash: D1E0B63100079CAFCF12AF55DD49A593F69EF85782B114164FD05CA273CB35DD42CA84

APIs
• GetUserNameW.ADVAPI32(?,?), ref: 0041D28C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
• Opcode ID: bbc0c98a02625d68d3eff0c78c78bc6e4c4efad8dedf0875eff7643b9b38cbb7
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c310828df3e6ec0dc466e93ad7686e703c327044aaee2c977f691a5eff7c6aca
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bbc0c98a02625d68d3eff0c78c78bc6e4c4efad8dedf0875eff7643b9b38cbb7
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7D0C9B580121DEECF90CB90ECC8DD9B3BCBB04305F100192F106A2540D77495498F10
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                      • String ID: p#I
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3964851224-437862167
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d162f685cef08cc1aa2c25361ff8b4e37b5f1ae74e56c45d4b997288837ecd16
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a50f3f090b1e8f787b4fa1dbce0d3755dde8c65d1f408f42aaa203f4e8201289
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d162f685cef08cc1aa2c25361ff8b4e37b5f1ae74e56c45d4b997288837ecd16
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 55A28B706183019FC721DF24C480B6ABBE5BF89304F14996EE89ACB352D775EC85CB92

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                                                                                      control_flow_graph 0 44aff9-44b056 call 3e2340 3 44b094-44b098 0->3 4 44b058-44b06b call 3cb567 0->4 5 44b0dd-44b0e0 3->5 6 44b09a-44b0bb call 3cb567 * 2 3->6 15 44b06d-44b092 call 3cb567 * 2 4->15 16 44b0c8 4->16 8 44b0f5-44b119 call 3c7510 call 3c7620 5->8 9 44b0e2-44b0e5 5->9 30 44b0bf-44b0c4 6->30 32 44b11f-44b178 call 3c7510 call 3c7620 call 3c7510 call 3c7620 call 3c7510 call 3c7620 8->32 33 44b1d8-44b1e0 8->33 12 44b0e8-44b0ed call 3cb567 9->12 12->8 15->30 20 44b0cb-44b0cf 16->20 26 44b0d1-44b0d7 20->26 27 44b0d9-44b0db 20->27 26->12 27->5 27->8 30->5 34 44b0c6 30->34 80 44b1a6-44b1d6 GetSystemDirectoryW call 3dfe0b GetSystemDirectoryW 32->80 81 44b17a-44b195 call 3c7510 call 3c7620 32->81 35 44b1e2-44b1fd call 3c7510 call 3c7620 33->35 36 44b20a-44b238 GetCurrentDirectoryW call 3dfe0b GetCurrentDirectoryW 33->36 34->20 35->36 50 44b1ff-44b208 call 3e4963 35->50 45 44b23c 36->45 48 44b240-44b244 45->48 51 44b275-44b285 call 4300d9 48->51 52 44b246-44b270 call 3c9c6e * 3 48->52 50->36 50->51 64 44b287-44b289 51->64 65 44b28b-44b2e1 call 4307c0 call 4306e6 call 4305a7 51->65 52->51 68 44b2ee-44b2f2 64->68 65->68 96 44b2e3 65->96 70 44b2f8-44b321 call 4211c8 68->70 71 44b39a-44b3be CreateProcessW 68->71 85 44b323-44b328 call 421201 70->85 86 44b32a call 4214ce 70->86 78 44b3c1-44b3d4 call 3dfe14 * 2 71->78 101 44b3d6-44b3e8 78->101 102 44b42f-44b43d CloseHandle 78->102 80->45 81->80 107 44b197-44b1a0 call 3e4963 81->107 100 44b32f-44b33c call 3e4963 85->100 86->100 96->68 115 44b347-44b357 call 3e4963 100->115 116 44b33e-44b345 100->116 105 44b3ed-44b3fc 101->105 106 44b3ea 101->106 109 44b49c 102->109 110 44b43f-44b444 
102->110 111 44b401-44b42a GetLastError call 3c630c call 3ccfa0 105->111 112 44b3fe 105->112 106->105 107->48 107->80 113 44b4a0-44b4a4 109->113 117 44b446-44b44c CloseHandle 110->117 118 44b451-44b456 110->118 130 44b4e5-44b4f6 call 430175 111->130 112->111 122 44b4a6-44b4b0 113->122 123 44b4b2-44b4bc 113->123 133 44b362-44b372 call 3e4963 115->133 134 44b359-44b360 115->134 116->115 116->116 117->118 119 44b463-44b468 118->119 120 44b458-44b45e CloseHandle 118->120 127 44b475-44b49a call 4309d9 call 44b536 119->127 128 44b46a-44b470 CloseHandle 119->128 120->119 122->130 131 44b4c4-44b4e3 call 3ccfa0 CloseHandle 123->131 132 44b4be 123->132 127->113 128->127 131->130 132->131 146 44b374-44b37b 133->146 147 44b37d-44b398 call 3dfe14 * 3 133->147 134->133 134->134 146->146 146->147 147->78
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0044B198
                                                                                                                                                                                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0044B1B0
                                                                                                                                                                                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0044B1D4
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0044B200
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0044B214
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0044B236
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0044B332
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 004305A7: GetStdHandle.KERNEL32(000000F6), ref: 004305C6
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0044B34B
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0044B366
                                                                                                                                                                                                                                                                                                                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0044B3B6
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000), ref: 0044B407
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0044B439
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0044B44A
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0044B45C
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0044B46E
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0044B4E3
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1096f9c1643284505fd7e33fb058c7de845ef2b03c23298851d8c945443e3e82
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: cfbe1efe625cfc5fd408d0aab69909c3784c9c7e7b2aa2c3dc82fe2038c67f45
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1096f9c1643284505fd7e33fb058c7de845ef2b03c23298851d8c945443e3e82
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 85F177316083409FD715EF25C891B2BBBE5EF85314F14895EF8899B2A2CB35EC05CB96
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetInputState.USER32 ref: 003CD807
                                                                                                                                                                                                                                                                                                                                                      • timeGetTime.WINMM ref: 003CDA07
                                                                                                                                                                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 003CDB28
                                                                                                                                                                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 003CDB7B
                                                                                                                                                                                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 003CDB89
                                                                                                                                                                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 003CDB9F
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 003CDBB1
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
• String ID:
• API String ID: 2189390790-0
• Opcode ID: 0bcf62e34d37bf2abfe95177d51a3573845286b7f164d6c0a97a257fba854199
• Instruction ID: 7a37fd70f4a986826e073fa2d08afc27afff3eb977947f7fe3184e9a41ad85f1
• Opcode Fuzzy Hash: 0bcf62e34d37bf2abfe95177d51a3573845286b7f164d6c0a97a257fba854199
• Instruction Fuzzy Hash: 5142D030608341AFD72ADF24C884FAAB7A5BF45304F15452EF456CB2A1D7B4EC94CB96

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 003C2D07
• RegisterClassExW.USER32(00000030), ref: 003C2D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 003C2D42
• InitCommonControlsEx.COMCTL32(?), ref: 003C2D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 003C2D6F
• LoadIconW.USER32(000000A9), ref: 003C2D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 003C2D94
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915
• Opcode ID: 830e4e63daef9b6141da411bab47228fce21318104f0ee55dd17dcb882609a97
• Instruction ID: aedc8e18252e27833a03e20e8b78a4d9e49e792aa69250459e2b5de1a109a838
• Opcode Fuzzy Hash: 830e4e63daef9b6141da411bab47228fce21318104f0ee55dd17dcb882609a97
• Instruction Fuzzy Hash: DD21C3B590131AAFDB00DFA4EC89BDDBBB4FB08B01F10813AF911A62A1D7B54544CF99

Control-flow Graph

APIs
  • Part of subcall function 0040039A: CreateFileW.KERNEL32(00000000,00000000,?,00400704,?,?,00000000,?,00400704,00000000,0000000C), ref: 004003B7
• GetLastError.KERNEL32 ref: 0040076F
• __dosmaperr.LIBCMT ref: 00400776
• GetFileType.KERNEL32(00000000), ref: 00400782
• GetLastError.KERNEL32 ref: 0040078C
• __dosmaperr.LIBCMT ref: 00400795
• CloseHandle.KERNEL32(00000000), ref: 004007B5
• CloseHandle.KERNEL32(?), ref: 004008FF
• GetLastError.KERNEL32 ref: 00400931
• __dosmaperr.LIBCMT ref: 00400938
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: 7e8da3948ff94ba819d3d62cba25730b4b307a196a6e934120b61ffea2ebc46f
• Instruction ID: e587475019e1f49bdae13cd49facc92fd5c477a0d7b62504bd06c80444e38327
• Opcode Fuzzy Hash: 7e8da3948ff94ba819d3d62cba25730b4b307a196a6e934120b61ffea2ebc46f
• Instruction Fuzzy Hash: F6A13732A001488FDF19AF68D851BAE7BA0EB06320F14417EF815AF3D1D7799D12CB99

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00491418,?,003C2E7F,?,?,?,00000000), ref: 003C3A78
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 003C3379
                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 003C356A
                                                                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0040318D
                                                                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 004031CE
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00403210
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00403277
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00403286
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                                                                                                      • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 98802146-2727554177
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8790f66b567c7919a40d40d2270a9b2731299135fd25282dda6690b8127c5813
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 32a99ed4ceaad37e43e87a1696a953504629e507e11c2c6fd050447b64f4ce17
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8790f66b567c7919a40d40d2270a9b2731299135fd25282dda6690b8127c5813
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD718E71404300AEC325EF65ED82A5BBBE8BF95740B40453FF845D72A1DB749A48CB59

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 003C2B8E
                                                                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 003C2B9D
                                                                                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(00000063), ref: 003C2BB3
                                                                                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(000000A4), ref: 003C2BC5
                                                                                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(000000A2), ref: 003C2BD7
                                                                                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 003C2BEF
                                                                                                                                                                                                                                                                                                                                                      • RegisterClassExW.USER32(?), ref: 003C2C40
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C2CD4: GetSysColorBrush.USER32(0000000F), ref: 003C2D07
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C2CD4: RegisterClassExW.USER32(00000030), ref: 003C2D31
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 003C2D42
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C2CD4: InitCommonControlsEx.COMCTL32(?), ref: 003C2D5F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 003C2D6F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C2CD4: LoadIconW.USER32(000000A9), ref: 003C2D85
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 003C2D94
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c6c1624d0be35a89d3384a09545bd5d4e21ee841eb92884745827da474654089
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3229c5dea832e5a31b7837e9c9e4b169ddc58f7ceecf7f3a706a06aca66f110d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c6c1624d0be35a89d3384a09545bd5d4e21ee841eb92884745827da474654089
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 47213A70E00319AFEB219FA5EC89B997FB4FB18B50F00413BE905A66B0D3B14540CF98
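The two function listings above are the AutoIt v3 runtime's own startup code, not script logic. The first resolves the interpreter's Include directory: it opens HKEY_CURRENT_USER (root handle 80000001) \Software\AutoIt v3\AutoIt with KEY_QUERY_VALUE (00000001) and calls RegQueryValueExW on the Include value twice, the usual size-then-data pair (the first call passes a NULL data pointer to learn the buffer length, the second fills the buffer). The second registers the runtime's window classes, one of them named AutoIt v3. Those strings are a cheap static fingerprint for AutoIt-compiled executables. What follows is an added example, not part of this Joe Sandbox report and not AutoIt project code: a Python scanner that searches a PE image or memory dump for the strings in UTF-16LE (the W-suffixed APIs imply wide strings) and, as a fallback, in ASCII. The marker labels, the helper names and the sample buffer are my own constructions.

```python
"""Fingerprint the AutoIt v3 runtime by the strings seen in its API calls.

Added example, not from the sandbox report or the AutoIt project. Scans a
byte buffer (PE file or memory dump) for the registry key, registry value
and window-class strings the runtime uses. The sample buffer returned by
build_sample_buffer() is constructed for the demonstration, it is not the
analysed binary.
"""
from __future__ import annotations

from typing import Dict, List

# Strings taken from the API listing; the labels are our own.
AUTOIT_MARKERS: Dict[str, str] = {
    "registry_key": "Software\\AutoIt v3\\AutoIt",   # RegOpenKeyExW argument
    "registry_value": "Include",                     # RegQueryValueExW value name
    "window_class": "AutoIt v3",                     # RegisterClassExW class name
}


def _encodings(text: str) -> Dict[str, bytes]:
    """Wide (UTF-16LE) and narrow (ASCII) forms of one marker string."""
    return {"utf-16le": text.encode("utf-16-le"), "ascii": text.encode("ascii")}


def find_autoit_markers(data: bytes) -> Dict[str, List[dict]]:
    """Return every hit per marker as {encoding, offset, length} records.

    The offsets let an analyst jump straight to the string in a hex editor
    or disassembler. Because "AutoIt v3" is a substring of the registry
    key, window_class hits that fall inside a registry_key hit are dropped
    so that the key is not counted twice.
    """
    hits: Dict[str, List[dict]] = {label: [] for label in AUTOIT_MARKERS}
    for label, text in AUTOIT_MARKERS.items():
        for enc_name, needle in _encodings(text).items():
            start = 0
            while (idx := data.find(needle, start)) >= 0:
                hits[label].append({"encoding": enc_name, "offset": idx, "length": len(needle)})
                start = idx + 1
    key_spans = [(h["offset"], h["offset"] + h["length"]) for h in hits["registry_key"]]
    hits["window_class"] = [
        h for h in hits["window_class"]
        if not any(s <= h["offset"] < e for s, e in key_spans)
    ]
    return hits


def looks_like_autoit_runtime(data: bytes) -> bool:
    """Heuristic verdict: registry key plus a standalone window-class string.

    "Include" on its own is far too common to carry weight, so it is
    reported by find_autoit_markers() but not required here.
    """
    hits = find_autoit_markers(data)
    return bool(hits["registry_key"]) and bool(hits["window_class"])


def build_sample_buffer() -> bytes:
    """Constructed input: NOP filler with the three markers stored as
    NUL-terminated UTF-16LE, the way a wide-string literal sits in a PE."""
    filler = b"\x90" * 64
    return (
        filler
        + "Software\\AutoIt v3\\AutoIt".encode("utf-16-le") + b"\x00\x00"
        + filler
        + "Include".encode("utf-16-le") + b"\x00\x00"
        + filler
        + "AutoIt v3".encode("utf-16-le") + b"\x00\x00"
        + filler
    )


if __name__ == "__main__":
    import sys

    # Pass a file path to scan a real PE or .sdmp dump; otherwise use the sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_buffer()
    for label, found in find_autoit_markers(blob).items():
        print(f"{label:15s} {found}")
    print("AutoIt runtime markers present:", looks_like_autoit_runtime(blob))
```

Run it with the path to the executable or to one of the .sdmp memory dumps listed under Memory Dump Source as its only argument. The check is purely string-based: a packed or string-encrypting sample will show nothing in the PE on disk, which is exactly why scanning the process memory dump rather than the file is the more reliable option.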
APIs
• __Init_thread_footer.LIBCMT ref: 003CBB4E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: p#I$p#I$p#I$p#I$p%I$p%I$x#I$x#I
• API String ID: 1385522511-1566815413
• Opcode ID: a609fe4b3a39bdff7210539aab9b1e7ec62eb2cd92fd52cea0aacc95d99c270a
• Instruction ID: 3a36f48560e8ba3e69d97309e9802a24dafadb6b3c900e46f2864536e6f9a487
• Opcode Fuzzy Hash: a609fe4b3a39bdff7210539aab9b1e7ec62eb2cd92fd52cea0aacc95d99c270a
• Instruction Fuzzy Hash: 1132CD35A00209EFCB21CF64C985FBAB7B9EF44310F15806AED15AB351C7B9AD81CB95

APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,003C316A,?,?), ref: 003C31D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,003C316A,?,?), ref: 003C3204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 003C3227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,003C316A,?,?), ref: 003C3232
• CreatePopupMenu.USER32 ref: 003C3246
• PostQuitMessage.USER32(00000000), ref: 003C3267
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: b8f54c4de3c96cb387d8377596c03f5470016da978012c0716c15057df581b51
• Instruction ID: 9ac607e96ceb02a064fbf928e95cb45a8b2e8895164e9db4e613e2cff7f97fbc
• Opcode Fuzzy Hash: b8f54c4de3c96cb387d8377596c03f5470016da978012c0716c15057df581b51
• Instruction Fuzzy Hash: CA41C531244205AEDF262B68DD4DF793A69EB15340F08853FF902D56E2C7B5CE409BA9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID:
• String ID: D%I$D%I$D%I$D%I$D%ID%I$Variable must be of type 'Object'.
• API String ID: 0-1274841712
• Opcode ID: c8b7bf8f9fe04f058fadec351f7bbf969dfd5c49d3f803bc9400258e0a6c2e90
• Instruction ID: d94d141e0e9ddbb4f4c22bc825e0f4bb17f085507ef5f6c13e43d89506bd794a
• Opcode Fuzzy Hash: c8b7bf8f9fe04f058fadec351f7bbf969dfd5c49d3f803bc9400258e0a6c2e90
• Instruction Fuzzy Hash: 64C29875A00214DFCB26CF98C880FADB7B5BF08314F25856AE906AB391D375ED81CB95
APIs
• __Init_thread_footer.LIBCMT ref: 003CFE66
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: D%I$D%I$D%I$D%I$D%ID%I
• API String ID: 1385522511-1750722870
• Opcode ID: 0d862824c4b165c7d283865e75368edc52ecc7e379dc8502a2b6f4d1aa3fc49d
• Instruction ID: 527dbc681b1ff5406c8e6f96fea6bee602012767088ddd460ffbb75e797cdf77
• Opcode Fuzzy Hash: 0d862824c4b165c7d283865e75368edc52ecc7e379dc8502a2b6f4d1aa3fc49d
• Instruction Fuzzy Hash: 05B29C75608340DFCB25CF14C480B2AB7E2BF99314F25896EE8868B391D775ED81CB92

APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 003C1459
• CoUninitialize.COMBASE ref: 003C14F8
• UnregisterHotKey.USER32(?), ref: 003C16DD
• DestroyWindow.USER32(?), ref: 004024B9
• FreeLibrary.KERNEL32(?), ref: 0040251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 0040254B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: 132ddb6a79df6b4ac6a49b1d32001eea6aa582bc41e9efecf65ce5b773c72bca
• Instruction ID: 9003951656a794ffb2dc28bd888549ead189a129f801166ff6502dcb7efd0a61
• Opcode Fuzzy Hash: 132ddb6a79df6b4ac6a49b1d32001eea6aa582bc41e9efecf65ce5b773c72bca
• Instruction Fuzzy Hash: BFD16F317012129FCB1AEF15C999F29F7A4BF05700F1541AEE84AAB392CB35AD12DF58

Control-flow Graph

control_flow_graph 1953 (blocks 42de27-42def6; API calls: WSAStartup, gethostname, gethostbyname, inet_ntoa, WSACleanup)
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
• Opcode ID: 03cdf7955fa02ee58d272b604a7eadafaec446faa9d4de79b37ba57d46bd5a5d
• Instruction ID: 8e0ee0cf8d68ea56747d1795dd9811507fdb77875f3b8c6678e01c3e919068ed
• Opcode Fuzzy Hash: 03cdf7955fa02ee58d272b604a7eadafaec446faa9d4de79b37ba57d46bd5a5d
• Instruction Fuzzy Hash: 19113A71A00325AFCB21BB21AC4AEEF776CDF14311F01017AF445EA192EF78CA818A58

Control-flow Graph

control_flow_graph 1987 (block 3c2c63-3c2cd3; API calls: CreateWindowExW * 2, ShowWindow * 2)
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 003C2C91
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 003C2CB2
• ShowWindow.USER32(00000000,?,?,?,?,?,?,003C1CAD,?), ref: 003C2CC6
• ShowWindow.USER32(00000000,?,?,?,?,?,?,003C1CAD,?), ref: 003C2CCF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Window$CreateShow
• String ID: AutoIt v3$edit
• API String ID: 1584632944-3779509399
• Opcode ID: c26c493d5903e7ad1b92cb92e8ab209e2b88da09eaa26cf37caf19ac4a2d465e
• Instruction ID: fa2b600b89bc286f7cd07a37b2953ae672304d8f3045606a299cdff4d83d3b09
• Opcode Fuzzy Hash: c26c493d5903e7ad1b92cb92e8ab209e2b88da09eaa26cf37caf19ac4a2d465e
• Instruction Fuzzy Hash: 3DF017755403917EEB300723AC48E772EBDD7DAF51B00007BFD04A25B0C2750840DAB8

Control-flow Graph

control_flow_graph 2412 (blocks 3c3b1c-3c3b9b; API calls: RegOpenKeyExW, RegQueryValueExW, RegCloseKey)
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,003C3B0F,SwapMouseButtons,00000004,?), ref: 003C3B40
                                                                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,003C3B0F,SwapMouseButtons,00000004,?), ref: 003C3B61
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,003C3B0F,SwapMouseButtons,00000004,?), ref: 003C3B83
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                                                                      • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1baf8e8784de0e74ca03b9d2c7c7b5ef4ae70585acbc3099f5892fba9d2c2f05
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f53a8634eaaec1ba9d292a5f18b5f0eee282a7789b836054ab777b906e8a67a0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1baf8e8784de0e74ca03b9d2c7c7b5ef4ae70585acbc3099f5892fba9d2c2f05
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2C112AB5510208FFDB218FA5DC84EEFB7BCEF04755B118469B805D7110D231DE409B64

Control-flow Graph

control_flow_graph 2423 41d3a0-41d3a9 2424 41d376-41d37b 2423->2424 2425 41d3ab-41d3b7 2423->2425 2426 41d292-41d2a8 2424->2426 2427 41d3c9 2425->2427 2428 41d3b9-41d3c7 GetProcAddress 2425->2428 2431 41d2a9 2426->2431 2430 41d3ce-41d3de 2427->2430 2428->2427 2428->2430 2430->2426 2433 41d3e4-41d3eb FreeLibrary 2430->2433 2431->2431 2433->2426
APIs
• GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 0041D3BF
• FreeLibrary.KERNEL32 ref: 0041D3E5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: AddressFreeLibraryProc
• String ID: GetSystemWow64DirectoryW$X64
• API String ID: 3013587201-2590602151
• Opcode ID: 063e11048a64a2348a0d3dfc192aadb8b4873dd6b12d70c539cc3ebea077279f
• Instruction ID: 675180d3adc94dcd05385d437d231b48652707cc2fc01bc5bc17e25c54d46693
• Opcode Fuzzy Hash: 063e11048a64a2348a0d3dfc192aadb8b4873dd6b12d70c539cc3ebea077279f
• Instruction Fuzzy Hash: 71F0ECB5C05B259FD77512105CD4AEA3314AF11702F6485A7EC12F1209D77CCDC5869F
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 004033A2
  • Part of subcall function 003C6B57: _wcslen.LIBCMT ref: 003C6B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 003C3A04
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
• API String ID: 2289894680-1585850449
• Opcode ID: eaf145352cd9adeee6cf336684a235047b3eac080ffd80b1dfc7b4e461a11b43
• Instruction ID: 26880e3c595e649e5ee0871835d0ae2ef8db6605baf7f352444f721dfaae44f8
• Opcode Fuzzy Hash: eaf145352cd9adeee6cf336684a235047b3eac080ffd80b1dfc7b4e461a11b43
• Instruction Fuzzy Hash: CB31B271508301AAD722EB20DC46FEBB7E8AB44714F10493EF599D71A1DB749E48C7C6
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 00402C8C
  • Part of subcall function 003C3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,003C3A97,?,?,003C2E7F,?,?,?,00000000), ref: 003C3AC2
  • Part of subcall function 003C2DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 003C2DC4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                                                                                      • String ID: X$`eH
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 779396738-3377190430
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 49ab3fce24bf18cbb23d5c8a6e664fda0eb794a968080c862ff34b89db5ed33e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b32dcb1aba4f24863c2dc3e40c7321d4fff64599e78911372e1aa82764b378c8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 49ab3fce24bf18cbb23d5c8a6e664fda0eb794a968080c862ff34b89db5ed33e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D219671A002589FDB42EF94C849BDE7BFC9F49714F00806EE405FB281DBB859498F65
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 003E0668
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003E32A4: RaiseException.KERNEL32(?,?,?,003E068A,?,00491444,?,?,?,?,?,?,003E068A,003C1129,00488738,003C1129), ref: 003E3304
                                                                                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 003E0685
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                      • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f21e37eef9dda061d594deb6b5da77706a21c0860efc6a6ac4b2f5488d7a99fd
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3b821ac686ae66f7a2adeb43d0f1e3b136c783b4dfae9798a17be1d6bc39f85e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f21e37eef9dda061d594deb6b5da77706a21c0860efc6a6ac4b2f5488d7a99fd
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 19F04C3080028C77CF06B766EC86E5E777D9E00300BA04736B914DA6D5EFB0DA59C6C0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 003C1BF4
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 003C1BFC
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 003C1C07
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 003C1C12
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 003C1C1A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 003C1C22
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C1B4A: RegisterWindowMessageW.USER32(00000004,?,003C12C4), ref: 003C1BA2
                                                                                                                                                                                                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 003C136A
                                                                                                                                                                                                                                                                                                                                                      • OleInitialize.OLE32 ref: 003C1388
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00000000), ref: 004024AB
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 31ab790a3e830afa519c4974a3df0ab9482c9abc786e9153b7c4ebc2f8747af1
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 56bb76280c7009badd3982160c399ff89a2c78f6b20400c27e877b7b425f00ef
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 31ab790a3e830afa519c4974a3df0ab9482c9abc786e9153b7c4ebc2f8747af1
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E71CFB4901302AFC785EF7AA985A553AE0FBA8364756813FD41ACB372E7344805DF4C
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 003C3A04
                                                                                                                                                                                                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0042C259
                                                                                                                                                                                                                                                                                                                                                      • KillTimer.USER32(?,00000001,?,?), ref: 0042C261
                                                                                                                                                                                                                                                                                                                                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0042C270
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: IconNotifyShell_Timer$Kill
• String ID:
• API String ID: 3500052701-0
• Opcode ID: 9cd3bb3373981121272540a1ab86c7d2f2aa870bd1619ed17d90e5e0557c6b84
• Instruction ID: a714a87fca3d5cd05759e527f766eef91ab2187a29b123adaa1fa7bf3e1e4a59
• Opcode Fuzzy Hash: 9cd3bb3373981121272540a1ab86c7d2f2aa870bd1619ed17d90e5e0557c6b84
• Instruction Fuzzy Hash: 3131D470A04364AFEB32CB649885BEBBBEC9B06344F0004DAD59A97242C7785A85CB65
APIs
• CloseHandle.KERNEL32(00000000,00000000,?,?,003F85CC,?,00488CC8,0000000C), ref: 003F8704
• GetLastError.KERNEL32(?,003F85CC,?,00488CC8,0000000C), ref: 003F870E
• __dosmaperr.LIBCMT ref: 003F8739
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
• Opcode ID: 2d5b8686a95fb8035ddf9f875ca4983b2ed81988fb577d5531b27cea516f44ef
• Instruction ID: c7d83c777ab9ebeb309e2dba6f1acfc2c85187708c19de86e3394af7a48810de
• Opcode Fuzzy Hash: 2d5b8686a95fb8035ddf9f875ca4983b2ed81988fb577d5531b27cea516f44ef
• Instruction Fuzzy Hash: 97012F377056681AD62B63346849B7E67894B92779F3B012AFB14DF1D2DEA0CC818154
APIs
• TranslateMessage.USER32(?), ref: 003CDB7B
• DispatchMessageW.USER32(?), ref: 003CDB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 003CDB9F
• Sleep.KERNEL32(0000000A), ref: 003CDBB1
• TranslateAcceleratorW.USER32(?,?,?), ref: 00411CC9
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
• Opcode ID: fea451e73ed449fa4801e2f98939deae50c8d64d8a8ca6996c583e03dfa2edf3
• Instruction ID: 3ddaa69deb357b750f4ba1ed9b5f980957838880a35f61b08e933ea462de10b3
• Opcode Fuzzy Hash: fea451e73ed449fa4801e2f98939deae50c8d64d8a8ca6996c583e03dfa2edf3
• Instruction Fuzzy Hash: 8DF054316443419FE730D760DC85FDA77ACEB44311F10453AF609C70D0EB3498849B19
APIs
• __Init_thread_footer.LIBCMT ref: 003D17F6
Strings
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• API String ID: 1385522511-4196123274
• Opcode ID: 65a5ec26fae91479e6dc77369f2a9a0ca4eb5d405211b865ad7199f81438bf67
• Instruction ID: f4902581c31964e542a35de8b02dc6aa5bfa3ce51d8b7e736fa6acad4d4ca84e
• Opcode Fuzzy Hash: 65a5ec26fae91479e6dc77369f2a9a0ca4eb5d405211b865ad7199f81438bf67
• Instruction Fuzzy Hash: EB22BD71608301AFC715CF14E480B2ABBF6BF89314F15892EF8968B361D775E985CB86
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: cc6bf560880889263182dfa0708a15ceb47d21c61c8b9dabcab43717ea13f02d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 935ca1c89709296b0a4ab459565e25248bb3a78bbe17bb10ec811795ce5221c1
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cc6bf560880889263182dfa0708a15ceb47d21c61c8b9dabcab43717ea13f02d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C232DF32A00604DFCB16DF54E885BEEB7B5AF44310F14896AF816AB3A1D735ED80CB95
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetComputerNameW.KERNEL32(?,?), ref: 0041D375
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ComputerName
                                                                                                                                                                                                                                                                                                                                                      • String ID: X64
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3545744682-893830106
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ed86eef8811c9c4a24e9e92fd76752a83ce7da582d206067228c932e06c63ccf
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 69f6a7f3db9dae0b734a5369f347574605964f6c74ff16b9f3b29c21eec11ea8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ed86eef8811c9c4a24e9e92fd76752a83ce7da582d206067228c932e06c63ccf
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AED0C9F5C0522CEECB94CB40ECC8DD9B37CBB04301F504192F406A2500D77895899B15
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000000,?), ref: 003C3908
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 270548fda2510cb88e33ef9fd6d513de8d519c74c9d6e9a48988934d8e712f76
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 033b6581aaa3c0f94ebe7fc03094150a5cba99bd305e72acfb48f1e879f1e612
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 270548fda2510cb88e33ef9fd6d513de8d519c74c9d6e9a48988934d8e712f76
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB315A706043019FE721DF24D885B97BBE8FB49709F00092EF99997290E771AA48CB56
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • timeGetTime.WINMM ref: 003DF661
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003CD730: GetInputState.USER32 ref: 003CD807
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000), ref: 0041F2DE
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: InputSleepStateTimetime
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4149333218-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1e42cecd4405744ba14ef9bce81cac9283e60a35a7225067f220fceb80c53ca6
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3e8d670f8a7f7f33ebfb656eb38c472c5f92840c6bb30d01611a89bb9cbc8e74
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e42cecd4405744ba14ef9bce81cac9283e60a35a7225067f220fceb80c53ca6
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E8F058712407059FD310EF69D48AF6AB7E8AB5A761F00002AE85ACB7A1DB70AC008B94
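The function records above follow one fixed layout (an APIs list, the memory-dump provenance, then the Similarity block ending in the Instruction Fuzzy Hash), which is convenient for scripted triage. The parser below is an added example, not part of the Joe Sandbox report: it reads that layout into structured records, resolves each API line to its call site and enclosing subcall, and applies a few behaviour tags. The sample text is copied from records on this page (with the last record left truncated, as it is here); the tag names and the API sets behind them are this example's own heuristics, not Joe Sandbox's signature logic.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: three function records copied from this report into the
# layout Joe Sandbox prints them in, minus the page's indentation and link text.
# The last record is left truncated, as it is on the page, so the parser must
# flush a record that never reaches its "Instruction Fuzzy Hash" line.
SAMPLE = """\
APIs
• GetComputerNameW.KERNEL32(?,?), ref: 0041D375
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ComputerName
• String ID: X64
• Opcode ID: ed86eef8811c9c4a24e9e92fd76752a83ce7da582d206067228c932e06c63ccf
• Opcode Fuzzy Hash: ed86eef8811c9c4a24e9e92fd76752a83ce7da582d206067228c932e06c63ccf
• Instruction Fuzzy Hash: AED0C9F5C0522CEECB94CB40ECC8DD9B37CBB04301F504192F406A2500D77895899B15
APIs
• timeGetTime.WINMM ref: 003DF661
  • Part of subcall function 003CD730: GetInputState.USER32 ref: 003CD807
• Sleep.KERNEL32(00000000), ref: 0041F2DE
Similarity
• API ID: InputSleepStateTimetime
• String ID:
• Opcode ID: 1e42cecd4405744ba14ef9bce81cac9283e60a35a7225067f220fceb80c53ca6
• Opcode Fuzzy Hash: 1e42cecd4405744ba14ef9bce81cac9283e60a35a7225067f220fceb80c53ca6
• Instruction Fuzzy Hash: E8F058712407059FD310EF69D48AF6AB7E8AB5A761F00002AE85ACB7A1DB70AC008B94
APIs
  • Part of subcall function 003C4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,003C4EDD,?,00491418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 003C4E9C
  • Part of subcall function 003C4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 003C4EAE
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00491418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 003C4EFD
"""

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# One API line: optional "Part of subcall function <addr>:" prefix, then
# Name.MODULE, optional "(args)", then "ref: <call-site address>".
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)
KV_RE = re.compile(r"^•\s*(?P<key>[^:]+?):\s*(?P<val>.*)$")

@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: int                    # call-site address
    subcall_of: Optional[int]   # helper the plugin inlined this call from, if any

@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    strings: List[str] = field(default_factory=list)
    fields: Dict[str, str] = field(default_factory=dict)
    complete: bool = False      # reached the terminating "Instruction Fuzzy Hash"

def parse_records(text: str) -> List[FunctionRecord]:
    records, cur, section = [], FunctionRecord(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            section = line
        elif section == "APIs" and (m := API_RE.match(line)):
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            sub = int(m["sub"], 16) if m["sub"] else None
            cur.apis.append(ApiCall(m["api"], m["module"], args, int(m["ref"], 16), sub))
        elif section == "Strings":
            cur.strings.append(line.lstrip("• "))
        elif m := KV_RE.match(line):
            key = m["key"].strip()
            cur.fields[key] = m["val"].strip()
            if key == "Instruction Fuzzy Hash":     # last line of every complete record
                cur.complete = True
                records.append(cur)
                cur, section = FunctionRecord(), None
    if cur.apis or cur.strings or cur.fields:       # truncated trailing record
        records.append(cur)
    return records

# Behaviour tags are this example's own heuristics over the API sets the report's
# signatures describe (execution timing, dynamic API resolution, host name
# lookup, WOW64 redirection); they are not Joe Sandbox's detection logic.
TIMING_APIS = {"timeGetTime", "GetTickCount", "GetTickCount64", "QueryPerformanceCounter"}
LOADER_APIS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}
HOSTNAME_APIS = {"GetComputerNameA", "GetComputerNameW", "GetComputerNameExW"}

def tag_record(rec: FunctionRecord) -> List[str]:
    names = {c.api for c in rec.apis}
    args = {a for c in rec.apis for a in c.args}
    tags = []
    if names & TIMING_APIS and "Sleep" in names:
        tags.append("timing-check")
    if "GetProcAddress" in names and names & LOADER_APIS:
        tags.append("dynamic-api-resolution")
    if any(a.startswith("Wow64") for a in args):
        tags.append("wow64-fs-redirection")
    if names & HOSTNAME_APIS:
        tags.append("host-fingerprint")
    return tags

def opcode_index(records: List[FunctionRecord]) -> Dict[str, FunctionRecord]:
    """Opcode Fuzzy Hash -> record, to match the same function across samples."""
    return {r.fields["Opcode Fuzzy Hash"]: r for r in records if "Opcode Fuzzy Hash" in r.fields}
```

The Opcode Fuzzy Hash index is the useful part for triage: the same hash in a report for another sample means the same function body (here, AutoIt runtime code rather than the embedded script), so tagged records can be compared across submissions without re-reading every report. A record that is still incomplete after parsing (no Instruction Fuzzy Hash) has no entry in the index and should be treated as a truncated view, not as a function without hashes.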
APIs
  • Part of subcall function 003C4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,003C4EDD,?,00491418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 003C4E9C
  • Part of subcall function 003C4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 003C4EAE
  • Part of subcall function 003C4E90: FreeLibrary.KERNEL32(00000000,?,?,003C4EDD,?,00491418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 003C4EC0
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00491418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 003C4EFD
  • Part of subcall function 003C4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00403CDE,?,00491418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 003C4E62
  • Part of subcall function 003C4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 003C4E74
  • Part of subcall function 003C4E59: FreeLibrary.KERNEL32(00000000,?,?,00403CDE,?,00491418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 003C4E87
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 42f354374afe6da4c866bfcdadda00258058be7e6479df512a08b0c3d11dc4a0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c4c6e1a1d80c1d976b08bd4eda84e915d19a23df8325226e6f6a641058c998b3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 42f354374afe6da4c866bfcdadda00258058be7e6479df512a08b0c3d11dc4a0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB110132610305AADB16BF70DC22FAD77A5AF40B11F20842EF442EA1C2EEB4EE449754
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 683944dea744b05d6ba20f3f2c979b7cfd404517cd9e29b107caa39d428b0126
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 41bc7fd24d225183fec96c68e2f2dbc701de481dafb3400536456dcbb34584e6
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 683944dea744b05d6ba20f3f2c979b7cfd404517cd9e29b107caa39d428b0126
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F11487190410AAFCB0ADF59E9419AE7BF8EF48304F114069FD08AB312DB30EA11CBA4
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003F4C7D: RtlAllocateHeap.NTDLL(00000008,003C1129,00000000,?,003F2E29,00000001,00000364,?,?,?,003EF2DE,003F3863,00491444,?,003DFDF5,?), ref: 003F4CBE
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 003F506C
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 614378929-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2fd6153d7eec204362d37fbbfbce4ab388167e39e57a360c58503e0702ffc62f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D014E722047096BE3328F55D84196AFBECFB85370F25051DE394872C0EB706805C774
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e1ce64b07952ec5442f65f32bf5bc1e2ffe94936b6f67335a15df3f6a3b3f862
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 97F0F432511A78EACA333B6B9C05B6B339C9F52334F110B15F6209B1D2DB74D80586A5

APIs
• RtlAllocateHeap.NTDLL(00000008,003C1129,00000000,?,003F2E29,00000001,00000364,?,?,?,003EF2DE,003F3863,00491444,?,003DFDF5,?), ref: 003F4CBE
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 67e0a787eafe832ff0942f06c27428c6089236e22416e8cfdf1fe3ad941407a8
• Instruction ID: f53566c07dfc7aa953ae3d55a7c252b47b8f028a1ab85497bdd2b32d4200a6ef
• Opcode Fuzzy Hash: 67e0a787eafe832ff0942f06c27428c6089236e22416e8cfdf1fe3ad941407a8
• Instruction Fuzzy Hash: 41F0B43164227876EB235F62AC05B7B3798AF41BA1B169221BB15AB2D1CA70D80196A0

APIs
• RtlAllocateHeap.NTDLL(00000000,?,00491444,?,003DFDF5,?,?,003CA976,00000010,00491440,003C13FC,?,003C13C6,?,003C1129), ref: 003F3852
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: c7118aee7d7d1ba771fb6bd4d2bbc856bceba422efa897d16a0ab4c07630c56f
• Instruction ID: 5b38d22af07ca861dba9d443710f8a42173000eee0049789952c416f0af132e8
• Opcode Fuzzy Hash: c7118aee7d7d1ba771fb6bd4d2bbc856bceba422efa897d16a0ab4c07630c56f
• Instruction Fuzzy Hash: 49E0E53110026CAAE63326779D00FBA3648AF42BF0F060131FE04969D1DB19DD0582E1

APIs
• FreeLibrary.KERNEL32(?,?,00491418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 003C4F6D
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
• Opcode ID: 58577159f9afb7fa74c77aa10dd65ee329309cf5e8ce98b38ec6fc726fa36276
• Instruction ID: 4c3569d6a1b663e88389a8f3b82450b80bd30b3948f9abd9fc98d1a2156e9cce
• Opcode Fuzzy Hash: 58577159f9afb7fa74c77aa10dd65ee329309cf5e8ce98b38ec6fc726fa36276
• Instruction Fuzzy Hash: DFF03071105751CFDB359F64D4A0E12B7E4AF14319311897EE1DAC2511C7319C44DF10

APIs
• IsWindow.USER32(00000000), ref: 00452A66
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Window
• String ID:
• API String ID: 2353593579-0
• Opcode ID: e3acc81fde39bc3907675240a247f9bf87dc5d8043bbd1f963389c8f5881917a
• Instruction ID: 3d6d4045b06bcae81aea9897b15cea8eaf4afeb442201cbbc44b7c14e11cd031
• Opcode Fuzzy Hash: e3acc81fde39bc3907675240a247f9bf87dc5d8043bbd1f963389c8f5881917a
• Instruction Fuzzy Hash: EAE0DF72340226AAC710EA31EC808FA735CEF5539AB00443BEC16C2101DB788E9A82A8
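The function records above (an "APIs" line, the memory dump the function was lifted from, the IDA snapshot, and the similarity hashes) are easier to pivot on once they are structured. The parser below is an added example, not Joe Sandbox's own code: it splits a text export of this section into records, decodes each API call into module, arguments and the referencing address, pulls out literal string arguments (here the AutoIt runtime marker passed through the FreeLibrary wrapper, which backs the "compiled AutoIt script" signature in the overview), and runs two sanity checks a reviewer would apply before trusting a record. The two sample records embedded in `SAMPLE` are copied from this report; the dictionary key names, the comma-split of the argument list and the `_classify_arg` rules are my own assumptions about the export, not a documented format.

```python
"""Parse Joe Sandbox per-function records into structured data.

Added example, not part of the Joe Sandbox report or tooling. Assumes the
plain-text layout seen in the report: an 'APIs' header, one or more
'• Api.MODULE(args), ref: ADDR' lines, then 'Memory Dump Source',
'Joe Sandbox IDA Plugin' and 'Similarity' sections of '• Key: value' lines.
"""
import re
from collections import Counter

# Two records copied verbatim from this report (RtlAllocateHeap and FreeLibrary).
SAMPLE = """\
APIs
• RtlAllocateHeap.NTDLL(00000000,?,00491444,?,003DFDF5,?,?,003CA976,00000010,00491440,003C13FC,?,003C13C6,?,003C1129), ref: 003F3852
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: c7118aee7d7d1ba771fb6bd4d2bbc856bceba422efa897d16a0ab4c07630c56f
• Instruction ID: 5b38d22af07ca861dba9d443710f8a42173000eee0049789952c416f0af132e8
• Opcode Fuzzy Hash: c7118aee7d7d1ba771fb6bd4d2bbc856bceba422efa897d16a0ab4c07630c56f
• Instruction Fuzzy Hash: 49E0E53110026CAAE63326779D00FBA3648AF42BF0F060131FE04969D1DB19DD0582E1
APIs
• FreeLibrary.KERNEL32(?,?,00491418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 003C4F6D
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
• Opcode ID: 58577159f9afb7fa74c77aa10dd65ee329309cf5e8ce98b38ec6fc726fa36276
• Instruction ID: 4c3569d6a1b663e88389a8f3b82450b80bd30b3948f9abd9fc98d1a2156e9cce
• Opcode Fuzzy Hash: 58577159f9afb7fa74c77aa10dd65ee329309cf5e8ce98b38ec6fc726fa36276
• Instruction Fuzzy Hash: DFF03071105751CFDB359F64D4A0E12B7E4AF14319311897EE1DAC2511C7319C44DF10
"""

API_LINE = re.compile(
    r"^• (?P<api>[A-Za-z0-9_@]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"\((?P<args>.*)\), ref: (?P<ref>[0-9A-Fa-f]+)$"
)
KV_LINE = re.compile(r"^• (?P<key>[^:]+):\s?(?P<value>.*)$")
HEX8 = re.compile(r"^[0-9A-Fa-f]{8}$")

# Report label -> key in the parsed dict (my naming, not Joe Sandbox's).
FIELDS = {
    "Snapshot File": "snapshot",
    "API ID": "api_id",
    "String ID": "string_id",
    "API String ID": "api_string_id",
    "Opcode ID": "opcode_id",
    "Instruction ID": "instruction_id",
    "Opcode Fuzzy Hash": "opcode_fuzzy",
    "Instruction Fuzzy Hash": "instruction_fuzzy",
}


def _classify_arg(raw):
    """Assumed convention: '?' is an argument the tracer could not recover,
    8 hex digits is an integer/pointer, anything else is a string literal."""
    if raw == "?":
        return ("unknown", None)
    if HEX8.match(raw):
        return ("int", int(raw, 16))
    return ("str", raw)


def parse_records(text):
    """Split the export on 'APIs' headers; return one dict per function."""
    records, rec = [], None
    for line in text.splitlines():
        line = line.strip()                      # exports carry deep indentation
        if line == "APIs":
            rec = {"calls": [], "associated": []}
            records.append(rec)
            continue
        if rec is None or not line.startswith("• "):
            continue                             # section headers, leading tail
        m = API_LINE.match(line)
        if m:
            # Comma split is enough for this report; a string argument that
            # itself contains a comma would need a real tokenizer.
            args = [_classify_arg(a) for a in m.group("args").split(",")]
            rec["calls"].append({"api": m.group("api"), "module": m.group("module"),
                                 "args": args, "ref": int(m.group("ref"), 16)})
            continue
        m = KV_LINE.match(line)
        if not m:
            continue
        key = m.group("key")
        value = m.group("value").strip().removesuffix("Download File")  # link residue
        if key == "Source File":
            # "<dump>.sdmp, Offset: 003C0000, based on PE: true"
            parts = [p.strip() for p in value.split(",")]
            rec["source_file"] = parts[0]
            for p in parts[1:]:
                if p.startswith("Offset:"):
                    rec["image_base"] = int(p.split(":", 1)[1].strip(), 16)
                elif p.startswith("based on PE:"):
                    rec["based_on_pe"] = p.split(":", 1)[1].strip() == "true"
        elif key == "Associated":
            rec["associated"].append(value)
        elif key in FIELDS:
            rec[FIELDS[key]] = value
    return records


def api_histogram(records):
    """How often each API is referenced across the parsed functions."""
    return Counter(c["api"] for r in records for c in r["calls"])


def string_arguments(records):
    """(api, literal, ref) for every string passed to an API: the quickest pivots."""
    return [(c["api"], val, c["ref"])
            for r in records for c in r["calls"]
            for kind, val in c["args"] if kind == "str"]


def check_record(rec):
    """Sanity checks: in this report Opcode ID always equals Opcode Fuzzy Hash,
    and every referencing address must lie above the module's image base."""
    problems = []
    if rec.get("opcode_id") != rec.get("opcode_fuzzy"):
        problems.append("opcode_id differs from opcode_fuzzy")
    base = rec.get("image_base")
    for c in rec["calls"]:
        if base is not None and c["ref"] < base:
            problems.append(f"ref {c['ref']:08X} below image base {base:08X}")
    return problems


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for r in recs:
        for c in r["calls"]:
            print(f"{c['ref']:08X} {c['api']}.{c['module']} "
                  f"api_id={r.get('api_id')} problems={check_record(r)}")
    print(api_histogram(recs))
    print(string_arguments(recs))
```

Feed it the whole section (for example the text copied from this page) and `string_arguments` lists every literal the sandbox recovered as a call argument, while `api_histogram` shows which imports dominate the lifted functions; records that fail `check_record` are worth re-reading before their hashes are used for similarity matching.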

APIs
• Shell_NotifyIconW.SHELL32(00000002,?), ref: 003C314E
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 660df3b0df253840bf4fa4f89bf228e4fbb5cd14c04aa2793faa5d701aecf712
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c15256d537f6ef44457ac63615855817dced98c1843f4c4b63a9845ef1dc7ebd
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 660df3b0df253840bf4fa4f89bf228e4fbb5cd14c04aa2793faa5d701aecf712
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3DF0A7709003149FE7639B24DC46BD67BBCAB0170CF0001FAA54896292D7704B88CF45
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 003C2DC4
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C6B57: _wcslen.LIBCMT ref: 003C6B6A
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 541455249-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 09185a35a0fb762e4b19f9f5a14408643dc9dfeb485c870a251e3d1504a10295
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2a7583468ca2794230e89f2b065b5be91ac1669315f94212e8f74c188ca073a4
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 09185a35a0fb762e4b19f9f5a14408643dc9dfeb485c870a251e3d1504a10295
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64E0C272A002245BCB21E2999C06FEA77EDDFC8790F0400B6FD09E7258DA74ED808694
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 003C3908
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003CD730: GetInputState.USER32 ref: 003CD807
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 003C2B6B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 003C314E
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3667716007-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a0050fba142e80c34b78f814e64f4e9385dd52d70372e34a03c89c122c158202
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9bca9aa9154ec5d4c7628839e74ddbdf97f385f02f1fb9d6e22d5b2e933ee3b0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0050fba142e80c34b78f814e64f4e9385dd52d70372e34a03c89c122c158202
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BEE0862230434506CA06BB749856F7DB7599BD5351F40553FF147CB173CF258D4A4356
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 0042DF40
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C6B57: _wcslen.LIBCMT ref: 003C6B6A
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FolderPath_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
• API String ID: 2987691875-0
• Opcode ID: 0325b1aff365e090d4678d73f28ed77dd812d6654dbfb3c745de8d2c3303bdf5
• Instruction ID: c59afd1235c7980cd7c7705fde964a1afdb35c22f6e5e6dece130c873b15cdbd
• Opcode Fuzzy Hash: 0325b1aff365e090d4678d73f28ed77dd812d6654dbfb3c745de8d2c3303bdf5
• Instruction Fuzzy Hash: 51D05EA2A003282FDF60E6759C0EDF73AACC740210F0006B0786DD3152E920DD4486B0
APIs
• CreateFileW.KERNEL32(00000000,00000000,?,00400704,?,?,00000000,?,00400704,00000000,0000000C), ref: 004003B7
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: b5a4a0f649d5fb020777c2e94a525bfb7035f490a14833f123a9b9819e94deba
• Instruction ID: 3c6e01940a8eee703ed89858449c41986d9a16c162fc9c40ef67e975ed85e133
• Opcode Fuzzy Hash: b5a4a0f649d5fb020777c2e94a525bfb7035f490a14833f123a9b9819e94deba
• Instruction Fuzzy Hash: 48D06C3204020DBFDF028F84DD46EDA3BAAFB48714F014010BE1856021C732E821AB94
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 003C1CBC
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
• Opcode ID: 272a96656b8ce5a1b98d38a672fcfcd61678179a84634f72d56ce4922f23197b
• Instruction ID: 5bcaad8f0573d77910219261c6d1bae96d8abf92748bd6022293fbbc6020eb75
• Opcode Fuzzy Hash: 272a96656b8ce5a1b98d38a672fcfcd61678179a84634f72d56ce4922f23197b
• Instruction Fuzzy Hash: 21C09B35280315BFF21447D0BD4AF107764A358B11F444032F60D555F3D3F15810D658
APIs
  • Part of subcall function 003D9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 003D9BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0045961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0045965B
• GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0045969F
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 004596C9
• SendMessageW.USER32 ref: 004596F2
• GetKeyState.USER32(00000011), ref: 0045978B
• GetKeyState.USER32(00000009), ref: 00459798
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 004597AE
• GetKeyState.USER32(00000010), ref: 004597B8
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 004597E9
• SendMessageW.USER32 ref: 00459810
• SendMessageW.USER32(?,00001030,?,00457E95), ref: 00459918
• ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0045992E
• ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00459941
• SetCapture.USER32(?), ref: 0045994A
• ClientToScreen.USER32(?,?), ref: 004599AF
• ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 004599BC
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 004599D6
• ReleaseCapture.USER32 ref: 004599E1
• GetCursorPos.USER32(?), ref: 00459A19
• ScreenToClient.USER32(?,?), ref: 00459A26
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00459A80
• SendMessageW.USER32 ref: 00459AAE
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00459AEB
• SendMessageW.USER32 ref: 00459B1A
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00459B3B
• SendMessageW.USER32(?,0000110B,00000009,?), ref: 00459B4A
• GetCursorPos.USER32(?), ref: 00459B68
• ScreenToClient.USER32(?,?), ref: 00459B75
• GetParent.USER32(?), ref: 00459B93
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00459BFA
• SendMessageW.USER32 ref: 00459C2B
• ClientToScreen.USER32(?,?), ref: 00459C84
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00459CB4
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00459CDE
• SendMessageW.USER32 ref: 00459D01
• ClientToScreen.USER32(?,?), ref: 00459D4E
• TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00459D82
  • Part of subcall function 003D9944: GetWindowLongW.USER32(?,000000EB), ref: 003D9952
• GetWindowLongW.USER32(?,000000F0), ref: 00459E05
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                                                                                                                      • String ID: @GUI_DRAGID$F$p#I
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3429851547-3825827001
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ba0b2484629274c20d53f3c04e4119d383f15f4f747ae4e7e3203a5db4a63c78
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 932797830f77568d7d057ffa0db23bd5007b609fe848c46012572b46902fd054
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ba0b2484629274c20d53f3c04e4119d383f15f4f747ae4e7e3203a5db4a63c78
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA429C70204301EFDB25CF24CD84AAABBE5FF49311F14062AFA59872A2D735ED58DB49
APIs
• SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 004548F3
• SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00454908
• SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00454927
• SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0045494B
• SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0045495C
• SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0045497B
• SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 004549AE
• SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 004549D4
• SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00454A0F
• SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00454A56
• SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00454A7E
• IsMenu.USER32(?), ref: 00454A97
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00454AF2
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00454B20
• GetWindowLongW.USER32(?,000000F0), ref: 00454B94
• SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00454BE3
• SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00454C82
• wsprintfW.USER32 ref: 00454CAE
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00454CC9
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00454CF1
• SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00454D13
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00454D33
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00454D5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
• String ID: %d/%02d/%02d
• API String ID: 4054740463-328681919
• Opcode ID: ca16f7e0e80ed9db49f09c235384e1255a21e2ff64f7f30e5511cf4454538eba
• Instruction ID: 89aac2a5d11022571861da166a3c4c80d38f32636958fa0e4539c9775e958f6a
• Opcode Fuzzy Hash: ca16f7e0e80ed9db49f09c235384e1255a21e2ff64f7f30e5511cf4454538eba
• Instruction Fuzzy Hash: D312C071500314AFEB258F28CC49FAF7BB8EF85315F10412AF916DE2A2D7789985CB58
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 003DF998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0041F474
• IsIconic.USER32(00000000), ref: 0041F47D
• ShowWindow.USER32(00000000,00000009), ref: 0041F48A
• SetForegroundWindow.USER32(00000000), ref: 0041F494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0041F4AA
• GetCurrentThreadId.KERNEL32 ref: 0041F4B1
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0041F4BD
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0041F4CE
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0041F4D6
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0041F4DE
• SetForegroundWindow.USER32(00000000), ref: 0041F4E1
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0041F4F6
• keybd_event.USER32(00000012,00000000), ref: 0041F501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0041F50B
• keybd_event.USER32(00000012,00000000), ref: 0041F510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0041F519
• keybd_event.USER32(00000012,00000000), ref: 0041F51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0041F528
• keybd_event.USER32(00000012,00000000), ref: 0041F52D
• SetForegroundWindow.USER32(00000000), ref: 0041F530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 0041F557
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4125248594-2988720461
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: be429a3570e002405e8d9697cfa0b536f8afda3fb4239959968cd3b1cd3d9d33
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9931781cd45bb89f49b2aa00b583375096648ae632a853f239198b2dc06ed575
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: be429a3570e002405e8d9697cfa0b536f8afda3fb4239959968cd3b1cd3d9d33
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E831A571A40318BFEB216BB54C89FBF7E6DEB44B51F100076F600E61D2D6B09D41AA68
APIs
  • Part of subcall function 004216C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0042170D
  • Part of subcall function 004216C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0042173A
  • Part of subcall function 004216C3: GetLastError.KERNEL32 ref: 0042174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00421286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 004212A8
• CloseHandle.KERNEL32(?), ref: 004212B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004212D1
• GetProcessWindowStation.USER32 ref: 004212EA
• SetProcessWindowStation.USER32(00000000), ref: 004212F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00421310
  • Part of subcall function 004210BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,004211FC), ref: 004210D4
  • Part of subcall function 004210BF: CloseHandle.KERNEL32(?,?,004211FC), ref: 004210E9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0$ZH
• API String ID: 22674027-2345524798
• Opcode ID: c46688864586f03f41cad7533fe5d07bd113f12c376f2aeeef73d7a2e4e4a332
• Instruction ID: 31408f5571986af612b1c7ad31f9be4113c866425f1317b05a3edd707ad28e2d
• Opcode Fuzzy Hash: c46688864586f03f41cad7533fe5d07bd113f12c376f2aeeef73d7a2e4e4a332
• Instruction Fuzzy Hash: 27819271A00359AFDF11AFA4EC85FEF7BB9EF04704F14412AF915A62A1C7398944CB68
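As an added example (not part of the Joe Sandbox report and not code from the analysed sample), the following Python script parses the "APIs" lines of the function blocks in this section, checks each block for an ordered call chain (the keybd_event / SetForegroundWindow / AttachThreadInput activation sequence, the LogonUserW / DuplicateTokenEx / OpenWindowStationW / OpenDesktopW RunAs sequence, and the GetUserObjectSecurity / AddAce / SetUserObjectSecurity DACL change in the function block that follows), and decodes the constant arguments the report shows (the 00000002 / 00000001 passed to DuplicateTokenEx, the 00060000 and 00060081 access masks) into their Win32 names. The chain names and the sample input, an abridged copy of the report lines, are this example's own constructs.

```python
"""Parse the 'APIs' lines of Joe Sandbox function blocks and flag known Win32
call chains. The sample lines below are copied (abridged) from this report."""
import re
from dataclasses import dataclass
from typing import Optional

# One report line, e.g.
#   • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00421286
#   • Part of subcall function 004216C3: GetLastError.KERNEL32 ref: 0042174A
API_LINE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

@dataclass(frozen=True)
class Call:
    api: str
    module: str
    args: tuple             # raw argument strings; '?' means the sandbox could not resolve it
    ref: int                # address of the call site
    subcall: Optional[int]  # callee address when the line is 'Part of subcall function'

    def arg(self, i):
        """Argument i as an int, or None when it is absent or unresolved."""
        if i >= len(self.args) or not re.fullmatch(r"[0-9A-Fa-f]+", self.args[i]):
            return None
        return int(self.args[i], 16)

def parse_api_lines(text):
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue  # headers such as 'APIs' or 'Strings'
        raw = m["args"]
        args = tuple(a.strip() for a in raw.split(",")) if raw else ()
        calls.append(Call(m["api"], m["mod"], args, int(m["ref"], 16),
                          int(m["sub"], 16) if m["sub"] else None))
    return calls

# Ordered subsequences of API names (other calls may sit between them). Names are ours.
CHAINS = {
    # Alt (VK_MENU, 0x12) pressed/released via keybd_event to defeat the foreground
    # lock, then SetForegroundWindow and AttachThreadInput: forced window activation.
    "forced_window_activation": ("keybd_event", "SetForegroundWindow", "AttachThreadInput"),
    # New logon session, primary token, then handles to the interactive window
    # station and desktop: the prelude to starting a process as another user there.
    "runas_interactive_desktop": ("LogonUserW", "DuplicateTokenEx", "OpenWindowStationW",
                                  "SetProcessWindowStation", "OpenDesktopW"),
    # Read a user object's DACL, append ACEs, write it back.
    "user_object_dacl_grant": ("GetUserObjectSecurity", "GetSecurityDescriptorDacl", "AddAce",
                               "SetSecurityDescriptorDacl", "SetUserObjectSecurity"),
}

def _in_order(calls, apis):
    it = iter(calls)  # one shared iterator: each name must appear after the previous one
    return all(any(c.api == api for c in it) for api in apis)

def match_chains(calls):
    return sorted(name for name, apis in CHAINS.items() if _in_order(calls, apis))

STANDARD_BITS = {0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER"}
DESKTOP_BITS = {0x1: "DESKTOP_READOBJECTS", 0x80: "DESKTOP_WRITEOBJECTS"}
IMPERSONATION = {0: "SecurityAnonymous", 1: "SecurityIdentification",
                 2: "SecurityImpersonation", 3: "SecurityDelegation"}
TOKEN_TYPE = {1: "TokenPrimary", 2: "TokenImpersonation"}

def decode_access(mask, specific=None):
    """Names of the standard (and, if given, object-specific) rights set in mask."""
    table = {**STANDARD_BITS, **(specific or {})}
    names = [name for bit, name in sorted(table.items()) if mask & bit]
    rest = mask & ~sum(table)
    if rest:
        names.append(f"0x{rest:X}")
    return names

def describe_runas(calls):
    """Decode the constant arguments of the RunAs chain into their Win32 names."""
    out = {}
    for c in calls:
        if c.api == "DuplicateTokenEx":      # (hTok, access, attrs, ImpersonationLevel, TokenType, phNew)
            out["impersonation_level"] = IMPERSONATION.get(c.arg(3))
            out["token_type"] = TOKEN_TYPE.get(c.arg(4))
        elif c.api == "OpenWindowStationW":  # (name, fInherit, dwDesiredAccess)
            out["winsta"] = (c.args[0], decode_access(c.arg(2)))
        elif c.api == "OpenDesktopW":        # (name, dwFlags, fInherit, dwDesiredAccess)
            out["desktop"] = (c.args[0], decode_access(c.arg(3), DESKTOP_BITS))
    return out

# Abridged copies of the three 'APIs' lists in this report (constructed test input).
SAMPLE = {
    "0041F4F6": """
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0041F4F6
• keybd_event.USER32(00000012,00000000), ref: 0041F501
• SetForegroundWindow.USER32(00000000), ref: 0041F530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 0041F557
""",
    "00421286": """
  • Part of subcall function 004216C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0042170D
  • Part of subcall function 004216C3: GetLastError.KERNEL32 ref: 0042174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00421286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 004212A8
• CloseHandle.KERNEL32(?), ref: 004212B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004212D1
• GetProcessWindowStation.USER32 ref: 004212EA
• SetProcessWindowStation.USER32(00000000), ref: 004212F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00421310
""",
    "00420BCC": """
  • Part of subcall function 004210F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00421114
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00420BCC
• GetAce.ADVAPI32(?,00000000,?), ref: 00420C51
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00420C6D
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00420D0C
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00420D1E
""",
}

def analyse(sample=SAMPLE):
    """Chains matched per block, plus decoded RunAs constants where present."""
    result = {}
    for block, text in sample.items():
        calls = parse_api_lines(text)
        result[block] = {"chains": match_chains(calls), "runas": describe_runas(calls)}
    return result

if __name__ == "__main__":
    for block, info in analyse().items():
        print(block, info)
```

Running it shows that the second block duplicates the logon token as a primary token at SecurityImpersonation level and opens winsta0 and the default desktop with READ_CONTROL and WRITE_DAC, which is exactly what is needed to rewrite their DACLs in the next block so that a process started under the new token can use the interactive desktop. That is the documented pattern for a RunAs-style helper; on its own it is a capability, not evidence of credential theft, and should be read together with the sample's other signatures.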
APIs
  • Part of subcall function 004210F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00421114
  • Part of subcall function 004210F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00420B9B,?,?,?), ref: 00421120
  • Part of subcall function 004210F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00420B9B,?,?,?), ref: 0042112F
  • Part of subcall function 004210F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00420B9B,?,?,?), ref: 00421136
  • Part of subcall function 004210F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0042114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00420BCC
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00420C00
• GetLengthSid.ADVAPI32(?), ref: 00420C17
• GetAce.ADVAPI32(?,00000000,?), ref: 00420C51
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00420C6D
• GetLengthSid.ADVAPI32(?), ref: 00420C84
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00420C8C
• HeapAlloc.KERNEL32(00000000), ref: 00420C93
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00420CB4
• CopySid.ADVAPI32(00000000), ref: 00420CBB
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00420CEA
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00420D0C
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00420D1E
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00420D45
• HeapFree.KERNEL32(00000000), ref: 00420D4C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00420D55
• HeapFree.KERNEL32(00000000), ref: 00420D5C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00420D65
• HeapFree.KERNEL32(00000000), ref: 00420D6C
• GetProcessHeap.KERNEL32(00000000,?), ref: 00420D78
• HeapFree.KERNEL32(00000000), ref: 00420D7F
  • Part of subcall function 00421193: GetProcessHeap.KERNEL32(00000008,00420BB1,?,00000000,?,00420BB1,?), ref: 004211A1
  • Part of subcall function 00421193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00420BB1,?), ref: 004211A8
  • Part of subcall function 00421193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00420BB1,?), ref: 004211B7
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 98b346cb1a78c1a1811e48f52cf606d0281d4353cc04003e3c8ba5a5bf237f20
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6670cf8c700632af60f63af516aa492e139106d38aa058e442a8e0021f29019c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 98b346cb1a78c1a1811e48f52cf606d0281d4353cc04003e3c8ba5a5bf237f20
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22718A71A0031AAFDF109FE5EC84BAFBBB8AF04701F444126E914A6292D778E905CF64
APIs
• OpenClipboard.USER32(0045CC08), ref: 0043EB29
• IsClipboardFormatAvailable.USER32(0000000D), ref: 0043EB37
• GetClipboardData.USER32(0000000D), ref: 0043EB43
• CloseClipboard.USER32 ref: 0043EB4F
• GlobalLock.KERNEL32(00000000), ref: 0043EB87
• CloseClipboard.USER32 ref: 0043EB91
• GlobalUnlock.KERNEL32(00000000), ref: 0043EBBC
• IsClipboardFormatAvailable.USER32(00000001), ref: 0043EBC9
• GetClipboardData.USER32(00000001), ref: 0043EBD1
• GlobalLock.KERNEL32(00000000), ref: 0043EBE2
• GlobalUnlock.KERNEL32(00000000), ref: 0043EC22
• IsClipboardFormatAvailable.USER32(0000000F), ref: 0043EC38
• GetClipboardData.USER32(0000000F), ref: 0043EC44
• GlobalLock.KERNEL32(00000000), ref: 0043EC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0043EC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0043EC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0043ECD2
• GlobalUnlock.KERNEL32(00000000), ref: 0043ECF3
• CountClipboardFormats.USER32 ref: 0043ED14
• CloseClipboard.USER32 ref: 0043ED59
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
• Opcode ID: d9c785969a1dd76ba025378b6c8a8fbfa2d1e6970513d5266a52aacf64193fb6
• Instruction ID: 4da0f4cb1b8710c9a7d6842821ec8fdde9f5d3f981d7ce8bb5b759108a0f17c6
• Opcode Fuzzy Hash: d9c785969a1dd76ba025378b6c8a8fbfa2d1e6970513d5266a52aacf64193fb6
• Instruction Fuzzy Hash: 6F61B034204302AFD301EF21D885F2AB7A4AF88704F14556EF456DB2E2CB35ED06CB6A
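The clipboard function above is what the "Contains functionality to read the clipboard data" signature keys on: one OpenClipboard, three IsClipboardFormatAvailable/GetClipboardData pairs with the raw format numbers 0000000D, 00000001 and 0000000F, and a DragQueryFileW loop. The following script is an added triage example, not part of the Joe Sandbox report or the sample: it parses "API.MODULE(args), ref: addr" lines in the report's own format, decodes the clipboard format constants from winuser.h (CF_TEXT = 1, CF_UNICODETEXT = 13, CF_HDROP = 15), and summarises what the function harvests. The listing embedded in CLIPBOARD_LISTING is copied from the report; the function names and the verdict keys are the script's own.

```python
import re

# Constructed input: the report's API listing for the clipboard function,
# copied verbatim (minus the bullet glyphs) so the script runs offline.
CLIPBOARD_LISTING = """\
OpenClipboard.USER32(0045CC08), ref: 0043EB29
IsClipboardFormatAvailable.USER32(0000000D), ref: 0043EB37
GetClipboardData.USER32(0000000D), ref: 0043EB43
CloseClipboard.USER32 ref: 0043EB4F
GlobalLock.KERNEL32(00000000), ref: 0043EB87
CloseClipboard.USER32 ref: 0043EB91
GlobalUnlock.KERNEL32(00000000), ref: 0043EBBC
IsClipboardFormatAvailable.USER32(00000001), ref: 0043EBC9
GetClipboardData.USER32(00000001), ref: 0043EBD1
GlobalLock.KERNEL32(00000000), ref: 0043EBE2
GlobalUnlock.KERNEL32(00000000), ref: 0043EC22
IsClipboardFormatAvailable.USER32(0000000F), ref: 0043EC38
GetClipboardData.USER32(0000000F), ref: 0043EC44
GlobalLock.KERNEL32(00000000), ref: 0043EC55
DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0043EC77
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0043EC94
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0043ECD2
GlobalUnlock.KERNEL32(00000000), ref: 0043ECF3
CountClipboardFormats.USER32 ref: 0043ED14
CloseClipboard.USER32 ref: 0043ED59
"""

# Standard clipboard format identifiers from winuser.h.
CF_NAMES = {
    1: "CF_TEXT", 2: "CF_BITMAP", 7: "CF_OEMTEXT", 8: "CF_DIB",
    13: "CF_UNICODETEXT", 15: "CF_HDROP",
}

# One report line: optional bullet, optional "Part of subcall function X:" prefix,
# then API.MODULE, optional "(args)", optional comma, and "ref: address".
LINE_RE = re.compile(
    r"^\s*(?:•\s*)?(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


def parse_call(line):
    """Parse one listing line into a dict; '?' arguments become None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    args = []
    if m.group("args"):
        for a in m.group("args").split(","):
            a = a.strip()
            args.append(None if a == "?" else int(a, 16))
    return {"api": m.group("api"), "module": m.group("module"),
            "args": args, "ref": int(m.group("ref"), 16)}


def parse_listing(text):
    calls = (parse_call(l) for l in text.splitlines() if l.strip())
    return [c for c in calls if c]


def clipboard_formats_read(calls):
    """Formats actually pulled with GetClipboardData, in listing (address) order."""
    fmts = []
    for c in calls:
        if c["api"] == "GetClipboardData" and c["args"] and c["args"][0] is not None:
            fmts.append(CF_NAMES.get(c["args"][0], "CF_%#x" % c["args"][0]))
    return fmts


def assess_clipboard_harvest(calls):
    """Summarise what the function takes from (or puts on) the clipboard."""
    apis = [c["api"] for c in calls]
    fmts = clipboard_formats_read(calls)
    # DragQueryFileW(hDrop, 0xFFFFFFFF, NULL, 0) returns the file count, and the
    # later calls with cch = 0x104 (MAX_PATH) copy each path out; together with
    # CF_HDROP this means the function enumerates copied file paths.
    counts_files = any(c["api"] == "DragQueryFileW" and len(c["args"]) > 1
                       and c["args"][1] == 0xFF for c in calls)
    return {
        "opens_clipboard": "OpenClipboard" in apis,
        "formats": fmts,
        "reads_text": any(f in ("CF_TEXT", "CF_UNICODETEXT", "CF_OEMTEXT") for f in fmts),
        "reads_file_paths": "CF_HDROP" in fmts and "DragQueryFileW" in apis and counts_files,
        "writes_clipboard": any(a in ("SetClipboardData", "EmptyClipboard") for a in apis),
    }


if __name__ == "__main__":
    calls = parse_listing(CLIPBOARD_LISTING)
    for k, v in assess_clipboard_harvest(calls).items():
        print("%-18s %s" % (k, v))
```

Two caveats when reading the verdict back against the report: the listing is ordered by code address, not by execution, so the three CloseClipboard entries are separate exit paths (the early one at 0043EB4F sits on the failure branch of GetClipboardData) and not three closes for one open; and the chain alone does not distinguish a stealer from a runtime library routine, since this is the same sequence a compiled AutoIt ClipGet() compiles to, which is why the report pairs it with the "likely a compiled AutoIt script" signature rather than treating it as proof of theft on its own.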
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 004369BE
• FindClose.KERNEL32(00000000), ref: 00436A12
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00436A4E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00436A75
  • Part of subcall function 003C9CB3: _wcslen.LIBCMT ref: 003C9CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00436AB2
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00436ADF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
• String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
• API String ID: 3830820486-3289030164
• Opcode ID: 98dce908a0baebc0c0f5b941e310c760ae09c24ba58a75f9eecc795b4c38a5bf
• Instruction ID: 64a9461e0bc5067f54bb560504af1ba270e783712bff221afab1890d773f7bde
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 98dce908a0baebc0c0f5b941e310c760ae09c24ba58a75f9eecc795b4c38a5bf
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17D14072508300AFC715EB64C886EABB7ECAF89704F04491EF585DB291EB74DE44CB62
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00439663
                                                                                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 004396A1
                                                                                                                                                                                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,?), ref: 004396BB
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 004396D3
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 004396DE
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 004396FA
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 0043974A
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(00486B7C), ref: 00439768
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 00439772
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 0043977F
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 0043978F
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a0b0dafe8219634397aee03a14eb618929cdbf35c9f2079b97e6cc4ff5e4fbe6
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 12d60fe4d30d3421b776e1ac90702904a065a52ee938ed7c6940392dbdfabe95
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0b0dafe8219634397aee03a14eb618929cdbf35c9f2079b97e6cc4ff5e4fbe6
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BF31C23254131AAFDB10AFB4DC89ADF77AC9F09321F1045A7F905E21E1DB78DD448A18
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 004397BE
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 00439819
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00439824
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 00439840
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00439890
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(00486B7C), ref: 004398AE
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 004398B8
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 004398C5
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 004398D5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0042DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0042DB00
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 924643421243e789a1ea612d33132198ab53b2f0377fa4b0f81ccf47c63aea2d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c8fea411498e42bbcbae559a1d2ba953aae2a292360f52b7b95f2b1467863da0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 924643421243e789a1ea612d33132198ab53b2f0377fa4b0f81ccf47c63aea2d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E31D23250031A6EDB14BFA4EC88ADF77AC9F4A325F144567E810A21E1DBB8DD44CB28
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,003C3A97,?,?,003C2E7F,?,?,?,00000000), ref: 003C3AC2
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0042E199: GetFileAttributesW.KERNEL32(?,0042CF95), ref: 0042E19A
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 0042D122
                                                                                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0042D1DD
                                                                                                                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 0042D1F0
                                                                                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?), ref: 0042D20D
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0042D237
  • Part of subcall function 0042D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0042D21C,?,?), ref: 0042D2B2
• FindClose.KERNEL32(00000000,?,?,?), ref: 0042D253
• FindClose.KERNEL32(00000000), ref: 0042D264
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
• Opcode ID: c8dbfe87f572d0cb67f19a59f9e595e5af5b215f6b7331ff2750bab755ae2a2c
• Instruction ID: 16c10b00f7ba39f18538fd47ed2568e78f085e43afa320c1e26a4f1f297a6f5d
• Opcode Fuzzy Hash: c8dbfe87f572d0cb67f19a59f9e595e5af5b215f6b7331ff2750bab755ae2a2c
• Instruction Fuzzy Hash: DB615131D0125D9ECF06EBE0E992EEDB775AF15304F6041AAE401B7192EB349F09CB65
APIs
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: bf17f381d97f6bc4e096bc90a25835c6b8ef390be28ad5fd812e03c680a8a383
• Instruction ID: e9a6296618ad37d0dd320037a25ece83ecbb1f2bb34809f502ac8a364bef660e
• Opcode Fuzzy Hash: bf17f381d97f6bc4e096bc90a25835c6b8ef390be28ad5fd812e03c680a8a383
• Instruction Fuzzy Hash: C341AF31605211AFD310CF16D489F1ABBA1EF48329F1490AAE4158B7A2C735ED42CB94
APIs
  • Part of subcall function 004216C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0042170D
  • Part of subcall function 004216C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0042173A
  • Part of subcall function 004216C3: GetLastError.KERNEL32 ref: 0042174A
• ExitWindowsEx.USER32(?,00000000), ref: 0042E932
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
• Opcode ID: f0ba739e60c1cdbe28535c8ff351413ce4f0c58f85b810014f17947a7a045908
• Instruction ID: 6f8baac175cba3ea6360c694fa7317f069e874c7a0d0f711d64a41763e1e9bfc
• Opcode Fuzzy Hash: f0ba739e60c1cdbe28535c8ff351413ce4f0c58f85b810014f17947a7a045908
• Instruction Fuzzy Hash: C901D6B2710331AFEB5426B6BC8AFBF725C9B14755F550827F802E21E2D5A89C84829C
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00441276
• WSAGetLastError.WSOCK32 ref: 00441283
• bind.WSOCK32(00000000,?,00000010), ref: 004412BA
• WSAGetLastError.WSOCK32 ref: 004412C5
• closesocket.WSOCK32(00000000), ref: 004412F4
• listen.WSOCK32(00000000,00000005), ref: 00441303
• WSAGetLastError.WSOCK32 ref: 0044130D
• closesocket.WSOCK32(00000000), ref: 0044133C
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ErrorLast$closesocket$bindlistensocket
• String ID:
• API String ID: 540024437-0
• Opcode ID: 59ec34b204722db40d0d604857a433c0cef8f088880b06e28888b93827e3ede5
• Instruction ID: 02746f55b4cc692756b465fbb4bc0abe11452e0a0b47fb60ecaf39f5b480b5ae
• Opcode Fuzzy Hash: 59ec34b204722db40d0d604857a433c0cef8f088880b06e28888b93827e3ede5
• Instruction Fuzzy Hash: 614150316002009FE710EF64C485B2ABBE5BF46319F188199D8569F3A7C775ED82CBA5
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 003FB9D4
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 003FB9F8
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 003FBB7F
                                                                                                                                                                                                                                                                                                                                                      • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00463700), ref: 003FBB91
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,0049121C,000000FF,00000000,0000003F,00000000,?,?), ref: 003FBC09
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00491270,000000FF,?,0000003F,00000000,?), ref: 003FBC36
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 003FBD4B
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 314583886-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 42ef4eb7f3cd0549a50dbff7f219ac5ea8b89b9981a50375030bfbb2041fd618
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: cfed4917e1aac9fa2b3f5f2320ab0bf133df6b01f6d88eb852c11cefb8d8d142
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 42ef4eb7f3cd0549a50dbff7f219ac5ea8b89b9981a50375030bfbb2041fd618
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 05C126F590420DAFCB22AF69DC41BBAFBB8EF41350F1541AAE691DB291E7308E41C750
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,003C3A97,?,?,003C2E7F,?,?,?,00000000), ref: 003C3AC2
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0042E199: GetFileAttributesW.KERNEL32(?,0042CF95), ref: 0042E19A
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 0042D420
                                                                                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?), ref: 0042D470
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 0042D481
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 0042D498
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 0042D4A1
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8ac71b272405dde0de249af88e2af9820ed0a332001bd40ba99e277a943feb58
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1e3526999f5f58eb04c4502cd39ad38c58ff86e3f179c3e3cdea34c797139ce2
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ac71b272405dde0de249af88e2af9820ed0a332001bd40ba99e277a943feb58
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C318F315083559FC301FF60D892DAFB7A8AE91304F804A6EF4D197191EB34EE09876B
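The function blocks above are the part of the report an analyst actually reads: the block with API ID `ErrorLast$closesocket$bindlistensocket` is the evidence behind the "open a port and listen" signature, and the `FindFirstFileW` / `DeleteFileW` / `FindNextFileW` loop over the string `\*.*` is a wildcard directory wipe, which is exactly the behaviour a credential flusher needs to force a user to log in again. The following Python script is an added triage example, not Joe Sandbox tooling: it parses this listing format (block boundaries inferred from the repeated `APIs` header, which is an assumption about the export) and flags those two API combinations. The sample text is constructed from the blocks visible on this page, trimmed to the lines the parser needs; the first block's call lines lie before this excerpt, so only its API ID is included.

```python
"""Triage Joe Sandbox function-block listings (APIs / Strings / Similarity).

Added example for this report, not Joe Sandbox code. Assumptions: each block
starts at a line reading 'APIs'; call lines look like
'• Name.MODULE(args), ref: ADDR'; the 'API ID' field is Joe Sandbox's
'$'-separated, concatenated token string (e.g. 'bindlistensocket').
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the three closed blocks shown on this page, reduced to
# the lines the parser consumes.  The first block's own call lines precede
# the excerpt, so only its Similarity section is reproduced here.
SAMPLE = """\
APIs
Similarity
• API ID: ErrorLast$closesocket$bindlistensocket
• String ID:
APIs
• _free.LIBCMT ref: 003FB9D4
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00463700), ref: 003FBB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,0049121C,000000FF,00000000,0000003F,00000000,?,?), ref: 003FBC09
Similarity
• API ID: _free$ByteCharMultiWide$InformationTimeZone
• String ID:
APIs
  • Part of subcall function 003C3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000), ref: 003C3AC2
  • Part of subcall function 0042E199: GetFileAttributesW.KERNEL32(?,0042CF95), ref: 0042E19A
• FindFirstFileW.KERNEL32(?,?), ref: 0042D420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 0042D470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0042D481
• FindClose.KERNEL32(00000000), ref: 0042D498
Strings
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \\*.*
"""

# One call line: optional 'Part of subcall function XXXX:' prefix, then
# Name.MODULE, anything, then 'ref: ADDR'.  '_free.LIBCMT ref: ...' has no
# argument list, so the parentheses are not required.
CALL_RE = re.compile(
    r"•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r".*?ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)


@dataclass
class Block:
    calls: list = field(default_factory=list)  # (name, module, ref, is_subcall)
    api_id: str = ""
    string_id: str = ""


def parse_blocks(text):
    """Split the listing into Block objects, one per 'APIs' header."""
    blocks, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = Block()
            blocks.append(cur)
            continue
        if cur is None:
            continue
        m = CALL_RE.search(line)
        if m:
            cur.calls.append((m["name"], m["module"], m["ref"],
                              "Part of subcall" in line))
        elif line.startswith("• API ID:"):
            cur.api_id = line.split(":", 1)[1].strip()
        elif line.startswith("• String ID:"):
            cur.string_id = line.split(":", 1)[1].strip()
    return blocks


# (label, keywords that must all appear, string that must appear or None)
RULES = [
    ("listening socket (bind+listen): possible backdoor or C2 listener",
     ("bind", "listen"), None),
    ("wildcard directory wipe: FindFirstFile/DeleteFile/FindNextFile over \\*.*",
     ("findfirstfile", "deletefile", "findnextfile"), r"\*.*"),
]


def _tokens(block):
    # Call names are the reliable source; the API ID is a concatenated token
    # list, so substring matching is used on it as a fallback.
    toks = [c[0].lower() for c in block.calls]
    toks += [t.lower() for t in block.api_id.split("$") if t]
    return toks


def matches(block, keywords, needed_string):
    toks = _tokens(block)
    if not all(any(k in t for t in toks) for k in keywords):
        return False
    return needed_string is None or needed_string in block.string_id


def triage(text):
    """Return (block_index, label, refs-of-direct-calls) for every rule hit."""
    findings = []
    for i, b in enumerate(parse_blocks(text)):
        for label, kws, s in RULES:
            if matches(b, kws, s):
                refs = [r for _, _, r, sub in b.calls if not sub]
                findings.append((i, label, refs))
    return findings


if __name__ == "__main__":
    for idx, label, refs in triage(SAMPLE):
        print(f"block {idx}: {label}  refs={refs or 'n/a (calls not in excerpt)'}")
```

The `refs` list gives the call-site addresses (here relative to the 003C0000 image base) to jump to in the dump, which is where the CLSIDs, paths and socket parameters that the fuzzy-hash fields cannot show are recovered.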
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 38331eefa562d3054fa885ee4e72859025e10c24ea5c73ed1f784038b89a4b27
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2631789e89027257b5e01f0b525984f9812d2c2aa389b700f68db3ebe9b948f5
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 38331eefa562d3054fa885ee4e72859025e10c24ea5c73ed1f784038b89a4b27
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17C23971E0862D8FDB26CE289D407EAB7B9EF44305F1541EAD90DE7250E778AE818F40
APIs
• _wcslen.LIBCMT ref: 004364DC
• CoInitialize.OLE32(00000000), ref: 00436639
• CoCreateInstance.OLE32(0045FCF8,00000000,00000001,0045FB68,?), ref: 00436650
• CoUninitialize.OLE32 ref: 004368D4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
• Opcode ID: df20938b1358e2d9db68c9ed52c0791d29e73f10529dba976e7f912e15fd8231
• Instruction ID: 54a4827f72e37ee3fe4607f24d0a9d01a40fd31b3f57878ee53418ee2ffed089
• Instruction Fuzzy Hash: 9DD12771508301AFC315EF24C881E6BB7E8AF98704F11896EF595CB291EB71ED09CB96
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 004422E8
  • Part of subcall function 0043E4EC: GetWindowRect.USER32(?,?), ref: 0043E504
• GetDesktopWindow.USER32 ref: 00442312
• GetWindowRect.USER32(00000000), ref: 00442319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00442355
• GetCursorPos.USER32(?), ref: 00442381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 004423DF
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
• Opcode ID: d99a631b18b8be11389bf0366acbab05f7fd30b91c1ca019becdbdb40a4cc292
• Instruction ID: 7441bd9ebee1d990f73f35b43f84ce10bbc5efdbfaf5c3ca7b8f51f132d000ff
• Instruction Fuzzy Hash: F8310272105315AFD720DF65DC44B5BBBA9FF88314F40091EF88497281DB78EA08CB9A
APIs
  • Part of subcall function 003C9CB3: _wcslen.LIBCMT ref: 003C9CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00439B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00439C8B
  • Part of subcall function 00433874: GetInputState.USER32 ref: 004338CB
  • Part of subcall function 00433874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00433966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00439BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00439C75
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
• String ID: *.*
• API String ID: 1972594611-438819550
• Opcode ID: fd80ab80f9269ebb908871dbc81238c5bd9407c960ec6c22d70bac8be4720e85
• Instruction ID: 25cdaf62df7b056511e1a9eedd9a04d1ea9985ee3afb70ce3995fec79c489d01
• Instruction Fuzzy Hash: 1041A27190420A9FDF15DF64C889BEEBBB4FF09301F24515AE805A7291DB74AE44CF68
APIs
  • Part of subcall function 003D9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 003D9BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 003D9A4E
• GetSysColor.USER32(0000000F), ref: 003D9B23
• SetBkColor.GDI32(?,00000000), ref: 003D9B36
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Color$LongProcWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3131106179-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7f839e5d2c243d2e782e0b93b4fd6cbc00a23f273b74ffcdd70f8627976cb2f2
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3ccfe2569ec6152f41e120096c9f764baf005c3b70c2c72ecea3b7867cc41c39
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7f839e5d2c243d2e782e0b93b4fd6cbc00a23f273b74ffcdd70f8627976cb2f2
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EDA14E73108504FEE726AA3DAC88FBB366DDB42354F15021BF412C6BD2DA299D41C27D
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0044304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0044307A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0044304E: _wcslen.LIBCMT ref: 0044309B
                                                                                                                                                                                                                                                                                                                                                      • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0044185D
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00441884
                                                                                                                                                                                                                                                                                                                                                      • bind.WSOCK32(00000000,?,00000010), ref: 004418DB
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 004418E6
                                                                                                                                                                                                                                                                                                                                                      • closesocket.WSOCK32(00000000), ref: 00441915
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2be9f2a6543d70218b26c1e39c85045e375561ff97728499ce5d7aa42b3c70f8
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8bad2455e314e3477a322290b759f70df8025fb4f8aefb285d5fc16b55f65e4e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2be9f2a6543d70218b26c1e39c85045e375561ff97728499ce5d7aa42b3c70f8
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1951B375A00210AFEB11AF24C886F2A77E5AB45718F08845DF9069F3D3C775ED42CBA1
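The Winsock sequence in the listing above is easier to triage once the raw argument values are decoded. The following Python is an added example, not part of the Joe Sandbox report or of the analysed sample: it parses the API lines of that function exactly as they appear and annotates them using the standard Winsock constants (AF_INET = 2, SOCK_DGRAM = 2, IPPROTO_UDP = 17; a bind() name length of 0x10 is sizeof(sockaddr_in)). The line-parsing regex and the summary fields are my own assumptions for illustration; only the constant tables are standard. The practical point the summary makes explicit: the function creates an IPv4 UDP socket and binds it, so there is no listen()/accept() to look for, yet a bound UDP port is still a local listener that should show up under netstat/Get-NetUDPEndpoint during dynamic analysis.

```python
"""Decode the socket()/bind()/closesocket() sequence from a Joe Sandbox
function listing.  Added example; the listing text is copied verbatim from
the report, the decoding tables are standard Winsock values."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: the "APIs" lines of the function above, copied verbatim.
LISTING = """\
• Part of subcall function 0044304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0044307A
• Part of subcall function 0044304E: _wcslen.LIBCMT ref: 0044309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0044185D
• WSAGetLastError.WSOCK32 ref: 00441884
• bind.WSOCK32(00000000,?,00000010), ref: 004418DB
• WSAGetLastError.WSOCK32 ref: 004418E6
• closesocket.WSOCK32(00000000), ref: 00441915
"""

# Standard Winsock constants (ws2def.h / winsock2.h).
ADDRESS_FAMILY = {2: "AF_INET", 23: "AF_INET6"}
SOCKET_TYPE = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
PROTOCOL = {0: "IPPROTO_IP", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}
SOCKADDR_LEN = {16: "sizeof(sockaddr_in)", 28: "sizeof(sockaddr_in6)"}

# Assumed line shape: "• [Part of subcall function X: ]api.LIB[(args)][,] ref: ADDR"
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<lib>\w+)(?:\((?P<args>[^)]*)\))?"
    r"\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class Call:
    api: str
    lib: str
    args: List[Optional[int]]      # None where the listing shows "?" (not recovered)
    ref: int                       # address of the call site
    subcall_of: Optional[int] = None


def parse_listing(text: str) -> List[Call]:
    """Parse every non-empty listing line; unknown shapes raise instead of being skipped."""
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised listing line: {line!r}")
        args: List[Optional[int]] = []
        if m.group("args"):
            for tok in m.group("args").split(","):
                tok = tok.strip()
                args.append(None if tok == "?" else int(tok, 16))
        sub = int(m.group("sub"), 16) if m.group("sub") else None
        calls.append(Call(m.group("api"), m.group("lib"), args, int(m.group("ref"), 16), sub))
    return calls


def _name(table: dict, value: Optional[int]) -> str:
    """Symbolic name for a decoded argument; '?' if the sandbox did not recover it."""
    if value is None:
        return "?"
    return table.get(value, f"0x{value:X}")


def describe(call: Call) -> str:
    """One-line annotation for the Winsock calls that carry decodable constants."""
    if call.api == "socket" and len(call.args) >= 3:
        af, ty, proto = call.args[:3]
        return f"socket({_name(ADDRESS_FAMILY, af)}, {_name(SOCKET_TYPE, ty)}, {_name(PROTOCOL, proto)})"
    if call.api == "bind" and len(call.args) >= 3:
        return f"bind(s, &addr, {_name(SOCKADDR_LEN, call.args[2])})"
    return f"{call.api}({', '.join(_name({}, a) for a in call.args)})"


def summarize_socket_use(calls: List[Call]) -> dict:
    """What a triager wants from the sequence: socket kind, whether it is bound to a
    local address, whether a TCP accept loop exists, and whether it is closed again."""
    apis = {c.api for c in calls}
    summary = {"family": "?", "type": "?", "protocol": "?",
               "binds": "bind" in apis,
               "listens": bool(apis & {"listen", "accept"}),
               "closes": "closesocket" in apis}
    for c in calls:
        if c.api == "socket" and len(c.args) >= 3:
            summary["family"] = _name(ADDRESS_FAMILY, c.args[0])
            summary["type"] = _name(SOCKET_TYPE, c.args[1])
            summary["protocol"] = _name(PROTOCOL, c.args[2])
    return summary


if __name__ == "__main__":
    decoded = parse_listing(LISTING)
    for c in decoded:
        prefix = f"  (via sub_{c.subcall_of:08X}) " if c.subcall_of else ""
        print(f"{prefix}{c.ref:08X}: {describe(c)}")
    print(summarize_socket_use(decoded))
```

Run on the constructed listing, the summary reports an AF_INET / SOCK_DGRAM / IPPROTO_UDP socket that is bound and closed, with no listen/accept. The parser deliberately raises on a line it cannot match rather than dropping it, so a report line in an unexpected shape is noticed instead of silently omitted from the summary.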
APIs
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
• Opcode ID: 98143cfb69d2f3dd2d0decd40a56b81a7b7022f5fb92139dc56a2b97a600883f
• Instruction ID: 298227a588779aad7b3b9d92af30acb4a57ed90f424e18c9fdaa6193b83dd5f9
• Opcode Fuzzy Hash: 98143cfb69d2f3dd2d0decd40a56b81a7b7022f5fb92139dc56a2b97a600883f
• Instruction Fuzzy Hash: E921A2317402105FD7218F1AC884F277BA5AF95316B18806EEC468B363C776EC46CB98
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID:
• String ID: ERCP$VUUU$VUUU$VUUU$VUUU
• API String ID: 0-1546025612
• Opcode ID: fc84722fbbcbacdd257afa06dc61f85454fdbd3c35cf0a0ef0e5d131d18512e0
• Instruction ID: 868ddd1407594d041786d435d072b6c48d416acfa3d9c73019d3bc131d6283f4
• Opcode Fuzzy Hash: fc84722fbbcbacdd257afa06dc61f85454fdbd3c35cf0a0ef0e5d131d18512e0
• Instruction Fuzzy Hash: A3A26D70A0021ACBDF25CF58C940BAEB7B1BF44314F2585AAD816E7385DB789E91CF94
APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 004282AA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: lstrlen
                                                                                                                                                                                                                                                                                                                                                      • String ID: ($tbH$|
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1659193697-3064764139
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: fd27b69d5fd77adfcb217be49dfc1c0a725a5e8e3d1129b19a627c0b3d7bf00d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e5bf511cf6576e7e1d529cc862cf809c0aad0d324a50d94bcea31da8d5956ace
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fd27b69d5fd77adfcb217be49dfc1c0a725a5e8e3d1129b19a627c0b3d7bf00d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2F324475A00615DFCB28CF19D480A6AB7F0FF48710B55C46EE89ADB3A1EB74E981CB44
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0042AAAC
                                                                                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(00000080), ref: 0042AAC8
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0042AB36
                                                                                                                                                                                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0042AB88
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d9390e5254e2c6b47d9b99909246458bdd18abba9207378520e9e851f0fa8e7b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d2e06030d74f3959e620f0336aef4e95954853ef740db7f45c12b5a21e5b200f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d9390e5254e2c6b47d9b99909246458bdd18abba9207378520e9e851f0fa8e7b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5312E30B40324AFEB30CA65AC057FB7FA6AF44310F84421BEA81522D1D37C9951C75B
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,00000400,?), ref: 0043CE89
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000), ref: 0043CEEA
                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000), ref: 0043CEFE
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 234945975-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 73cfb10ecb0caa95612b5619a94beaf744be218c4f29ee00a5c3de9b8a78f921
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 927889b13fa91d800e0da09fc434725fb9f464abeafe47653a8638e610e60cf3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 73cfb10ecb0caa95612b5619a94beaf744be218c4f29ee00a5c3de9b8a78f921
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA21BD71500305AFD720DFA5C989BAB77F8EB14315F10442FE646A2291E778EE058B58
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 003F271A
                                                                                                                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 003F2724
                                                                                                                                                                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 003F2731
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: 2d6a70e776a25ac7b28e41ae759397273d5f9fe5c240a64bdc43a6853e32ef71
• Instruction ID: a878c6867c8cdcefe582eb26ffdac3a67809212ca9ba3a28f2c8e0963e18fcbe
• Opcode Fuzzy Hash: 2d6a70e776a25ac7b28e41ae759397273d5f9fe5c240a64bdc43a6853e32ef71
• Instruction Fuzzy Hash: 6631B67491132CDBCB21DF65DC89B9DB7B8AF08310F5042EAE81CA6261E7709F858F45
APIs
• SetErrorMode.KERNEL32(00000001), ref: 004351DA
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00435238
• SetErrorMode.KERNEL32(00000000), ref: 004352A1
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID:
• API String ID: 1682464887-0
• Opcode ID: ee85b02051922d44da97f9af09db7d811c24b9a01e9078e0419eb4a21ea78703
• Instruction ID: 56d7cbfcf941cb463ba96c973e8c20da333b24f84c80ea42ad3d73a68fbe0546
• Opcode Fuzzy Hash: ee85b02051922d44da97f9af09db7d811c24b9a01e9078e0419eb4a21ea78703
• Instruction Fuzzy Hash: D5314B75A006189FDB00DF54D884FAEBBB4FF49318F048099E805AB362DB35EC56CB94
APIs
  • Part of subcall function 003DFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 003E0668
  • Part of subcall function 003DFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 003E0685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0042170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0042173A
• GetLastError.KERNEL32 ref: 0042174A
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
• Opcode ID: 1811628938a1851956d56978686ba06f2d0a9dcdefc7de288bc38cae5e58dbd1
• Instruction ID: 9794f662ba247642b17dd7f7ae2a060ded910b483179bdcf47f03096ebe97038
• Opcode Fuzzy Hash: 1811628938a1851956d56978686ba06f2d0a9dcdefc7de288bc38cae5e58dbd1
• Instruction Fuzzy Hash: 8911CEB2500308AFD718AF54ECC6D6BB7B9EF84B24B20852EF05657291EB70FC418A64
APIs
• CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0042D608
• DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0042D645
• CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0042D650
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID:
• API String ID: 33631002-0
• Opcode ID: 0c06000c6ad99aae5991e0f36f7c8c2b9fb07f01c390582b53a647dc486673a7
• Instruction ID: b3e5ce0a5c48f3e11096bb51e44a10f3aa899dcb2d5d136013958d4a502fb1b1
• Opcode Fuzzy Hash: 0c06000c6ad99aae5991e0f36f7c8c2b9fb07f01c390582b53a647dc486673a7
• Instruction Fuzzy Hash: B8117C71E01328BFDB108F94AC84FAFBBBCEB45B50F108122F914E7290C2744A018BA5
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0042168C
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 004216A1
• FreeSid.ADVAPI32(?), ref: 004216B1
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
• String ID:
• API String ID: 3429775523-0
• Opcode ID: 21bc67845a5b7fa75e13527c0a7de6718054d31e690c32560946dec8ed99e5d5
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bbab1d4d2dfea7e88d815e96784e836e21ef109487f2838354503f0da8889622
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 21bc67845a5b7fa75e13527c0a7de6718054d31e690c32560946dec8ed99e5d5
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FDF0F471950309FFDB00DFE49C89EAEBBBCEB08605F504565E501E2191E774EA448A54
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: /
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2043925204
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a79b394f4c688d43427808df2ef347cd93e911fa64f35ce9f62f83930686fd40
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 58ea08ea9d8cf6bb7acaf8fe51c267242f77374f2b63db11c01672e1e48f9dd1
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a79b394f4c688d43427808df2ef347cd93e911fa64f35ce9f62f83930686fd40
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F641477694021DBFCB219FB9CD88EBB77B8EB84354F104669FA05CB280E6709D80CB50
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 32f827ed850a983be417a057c705bcb5802622acad401da8c25cabc1f60454d8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB022E71E102699BDF15CFA9C8806AEFBF1EF88314F254269D919E7384D731AD428B84
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: Variable is not of type 'Object'.$p#I
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1590906393
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d52bfe4869d42e385a51b38937a42e18ffb652fc5c0ab36bfe6bbb1e07b58496
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a6bfd514595467397a39328640ce07f5b64a501632758f5f6acab19c25264f3f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d52bfe4869d42e385a51b38937a42e18ffb652fc5c0ab36bfe6bbb1e07b58496
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 10329C70910218DBCF15DF90D885FEEB7B9BF05304F14906EE80AAB282D775AD86CB64
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 00436918
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00436961
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: 9beec69583d54a5748335225b56168d59a769307784c80aefa98fa94b48ad2a3
• Instruction ID: abc6d2e7d442a3886784710741df2b078dd9c040f471ed8cc995a3e74b83eca7
• Opcode Fuzzy Hash: 9beec69583d54a5748335225b56168d59a769307784c80aefa98fa94b48ad2a3
• Instruction Fuzzy Hash: 6D11AC71604201AFC710CF29C484B16BBE5EF89328F15C6AEE8698F3A2C734EC05CB91
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00444891,?,?,00000035,?), ref: 004337E4
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00444891,?,?,00000035,?), ref: 004337F4
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
• Opcode ID: 3d4c47f9ed4f2dc867d5737f36b0ceaf8492a99c8d6a761b734132ce206004a2
• Instruction ID: 704883442da3a5aa272b7d0998693bf66ff840e4a384389adf706294bcf8faf8
• Opcode Fuzzy Hash: 3d4c47f9ed4f2dc867d5737f36b0ceaf8492a99c8d6a761b734132ce206004a2
• Instruction Fuzzy Hash: A1F0EC706043192AD71017664C4DFDB765DDFC4762F004176F505D2291DA609D04C7B4
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0042B25D
• keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 0042B270
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
• Opcode ID: 9b5785b20c1a0833f47be60d439181413814961906eb096207a633aef9b45bbc
• Instruction ID: ee51b2e077e2248bfcf7a502765c9e32eb4a36bcd1d1c25ee5b16488250d6e16
• Opcode Fuzzy Hash: 9b5785b20c1a0833f47be60d439181413814961906eb096207a633aef9b45bbc
• Instruction Fuzzy Hash: E8F01D7190435EAFDB059FA0D805BAE7FB4FF08305F00805AF955A5192D379C611DFA8
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,004211FC), ref: 004210D4
• CloseHandle.KERNEL32(?,?,004211FC), ref: 004210E9
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
• Opcode ID: c1a21a37fde5fbdbd0615a19f5f47eeeec10317554b452321e825d76da18f3ec
• Instruction ID: d07c3493cb04ddf7fc0bd61e930ecc697b3464f3717ef95f8de9a3635483c7a3
• Opcode Fuzzy Hash: c1a21a37fde5fbdbd0615a19f5f47eeeec10317554b452321e825d76da18f3ec
• Instruction Fuzzy Hash: 79E04F32004710AEE7262B51FC45E7377A9EB04711B10882EF4A6845B6DB62AC90DB54
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,003F6766,?,?,00000008,?,?,003FFEFE,00000000), ref: 003F6998
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: 5d6b44a1d17340cf1e55beed76c4a0e425708d917d06fa9b2e5f3ada6acd3f72
• Instruction ID: 324595343fb8a6e57056228c8e1faf8c1f9b79b06e5ebc898e04ae912d044fc9
• Opcode Fuzzy Hash: 5d6b44a1d17340cf1e55beed76c4a0e425708d917d06fa9b2e5f3ada6acd3f72
• Instruction Fuzzy Hash: D7B15D71610608DFDB16CF28C48AB657BE0FF45364F26865CE99ACF2A2C335E991CB40
Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3916222277
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 81c3c3d53829683323026ddca4a8d7e5d81ab0208c571c88d0353127c513e6a9
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8c0b946a00894fa37f06e99dc3d627daa633fa4a4d89855a9f201546bc5844eb
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 81c3c3d53829683323026ddca4a8d7e5d81ab0208c571c88d0353127c513e6a9
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3126D75900229DBCB15CF59D880AEEB7B5FF48310F1581ABE849EB351EB349E81CB94
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • BlockInput.USER32(00000001), ref: 0043EABD
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: BlockInput
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d1e5a6124769b91c64c11bf8e1a705d012df465dc541307a1b56d98883c9ac4b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c2696737ebdb079c8447c8026a2dc43d26eb9e39103b15bbd5234b3eac1b226c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d1e5a6124769b91c64c11bf8e1a705d012df465dc541307a1b56d98883c9ac4b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4AE04F312102059FC710EF5AD845E9BF7E9AF98760F00842AFC49CB391DB74EC418B95
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,003E03EE), ref: 003E09DA
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 00a8b63d43bfd59879df7f251f0779a765a69e9cb852155b7c86c3e03e485e5f
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 728d41821a3b32fcaf95fb693c1f44e029a2c3d63e6c5de3d67f846869384854
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 00a8b63d43bfd59879df7f251f0779a765a69e9cb852155b7c86c3e03e485e5f
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-4108050209
• Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
• Instruction ID: 53182aaa051d0210840d9be250ed7f18e42ea0e97bd2f1e62ce1006e58f17fd0
• Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
• Instruction Fuzzy Hash: 2B516671A0C6F95ADB3B866B885B7FE23899F22340F190719E886DB6C3C715DE01D352
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID:
• String ID: 0&I
• API String ID: 0-401884818
• Opcode ID: 72193c020c8836c4f632fb5f076092fc624f22b27caece6ca139735196905d75
• Instruction ID: 6fc548076cc0d6d84e12ec94488fd84dfe5f2c913b00ca1992e9a223f752a65b
• Opcode Fuzzy Hash: 72193c020c8836c4f632fb5f076092fc624f22b27caece6ca139735196905d75
• Instruction Fuzzy Hash: 6921D5322216118BDB2CCE79C92267E73E5A764310F14863FE4A7C77D0DE79A904CB84
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9fe03346a9c82202a6e87ff114b9240b37da6eb9e92c775633adb1abbd88408e
• Instruction ID: 0c49824d530386280ee4fcad859405afe91d37faf80edc591b6181bd135a944e
• Opcode Fuzzy Hash: 9fe03346a9c82202a6e87ff114b9240b37da6eb9e92c775633adb1abbd88408e
• Instruction Fuzzy Hash: C0323422D29F054DD7239634CD22336A289AFB73C5F15D737F81AB5EA9EBA9C4834101
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4f8cca2bb80b62dd82eaac08bd81d0af5b18c5dcc75ef5197ca5fb25e3f0d1f5
• Instruction ID: 7043176c0e7bdfed483a404473c06a68eddda0f7791436f486c24c5140f3f69f
• Opcode Fuzzy Hash: 4f8cca2bb80b62dd82eaac08bd81d0af5b18c5dcc75ef5197ca5fb25e3f0d1f5
• Instruction Fuzzy Hash: 4C322632AA41068BDF25CE28D9D06FE77A1EF45300F29856BE549CB391D238DDC2DB49
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dd409ead863d9d3779059ee446d7be0f359650e95dd071c272fbc2dc78e9e7ff
• Instruction ID: c3c4bcec88588a414c2df4983567742deeffe92d31e37f477d119fe0cfd45d9d
• Opcode Fuzzy Hash: dd409ead863d9d3779059ee446d7be0f359650e95dd071c272fbc2dc78e9e7ff
• Instruction Fuzzy Hash: 92229D70A006099FDF15CFA4D881BAEB7B5FF44300F14462AE816EB291EB3AAD51CF54
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0fae7b4e539f1ed60d7bfebdce9176d6be45176956e274b0646b230d248b63f6
• Instruction ID: ba96e272dcdd81e6e1cd97a000a81074203e5518928b177ba0df3d597e3a7f9f
• Opcode Fuzzy Hash: 0fae7b4e539f1ed60d7bfebdce9176d6be45176956e274b0646b230d248b63f6
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1E02B6B1A00209EFDB05DF55D881BAEB7B5FF44300F11856AE806EB391E735AE21CB95
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: cb17f6e4fd2ba10dc7b493f40606e812504d60ee938cddd78ab558f0d7d3642a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB9184726080F34ADB2B463B853407EFFE15A923A131B079EE4F2CA1C5EE349954D620
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e0dbaf40e8890a701ce1002ac5e3d096fbc1b0d980b781ade98fa21e89bb19bb
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F2913F722090F34ADB6B467B857403EFEE55A923A231A07AEE4F2CA5C1FE348554D620
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 63c33267f4eb8832cb12065a043c2c32646be7ae7ccf5fcedd33f9e378454c2d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 35a7c8d012d2af343148c10d6cc8fe7dae973e3967410940ba37bd8e8e02605c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 63c33267f4eb8832cb12065a043c2c32646be7ae7ccf5fcedd33f9e378454c2d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 476159716087FA96DA3B9A2B8895BBE3398DF41700F210B2DE943DF7C1D6119E428355
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 40544a869455c8a5471b7c550d86930715e85681a3d527d486fbdaa81c293b92
• Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction Fuzzy Hash: 558182726080F30ADB6F423B857447EFFE15A923A131B079EE4F2CA1C2EE348554E660
APIs
• DeleteObject.GDI32(00000000), ref: 00442B30
• DeleteObject.GDI32(00000000), ref: 00442B43
• DestroyWindow.USER32 ref: 00442B52
• GetDesktopWindow.USER32 ref: 00442B6D
• GetWindowRect.USER32(00000000), ref: 00442B74
• SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00442CA3
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00442CB1
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00442CF8
• GetClientRect.USER32(00000000,?), ref: 00442D04
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00442D40
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00442D62
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00442D75
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00442D80
• GlobalLock.KERNEL32(00000000), ref: 00442D89
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00442D98
• GlobalUnlock.KERNEL32(00000000), ref: 00442DA1
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00442DA8
• GlobalFree.KERNEL32(00000000), ref: 00442DB3
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00442DC5
• OleLoadPicture.OLEAUT32(?,00000000,00000000,0045FC38,00000000), ref: 00442DDB
• GlobalFree.KERNEL32(00000000), ref: 00442DEB
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00442E11
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00442E30
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00442E52
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0044303F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
• String ID: $AutoIt v3$DISPLAY$static
• API String ID: 2211948467-2373415609
• Opcode ID: cc07153dd4dcf59e3c9fccc5b065244e415bffbd54fc9e2ca34853a6187f9319
• Instruction ID: 86f694e2f390803381021a5d10b4614c1648844765860611324994e7ec1faa9e
• Opcode Fuzzy Hash: cc07153dd4dcf59e3c9fccc5b065244e415bffbd54fc9e2ca34853a6187f9319
• Instruction Fuzzy Hash: ED027B71900205AFEB14DF64CD89EAE7BB9EF49711F008169F915AB2A1CB74ED01CF68
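The API chain listed for this function (CreateFileW, GlobalAlloc and ReadFile into global memory, CreateStreamOnHGlobal, OleLoadPicture, CopyImage, then SendMessageW with message 0x172 to a "static" child of a window whose class is "AutoIt v3") is the standard Win32 way to load an image file and display it in a static control. In a sample the report already flags as a compiled AutoIt script, GUI routines of this kind belong to the interpreter runtime rather than to the embedded script, and they should not be read as the sample's own logic. The report prints every argument as raw hex, so confirming that reading means decoding the constants. The script below is an added example for this page, not Joe Sandbox code: it parses lines in the report's "APIs" format (the sample input is copied from the list above) and names the window styles, file access flags, GMEM flags and static-control message it recognises. The constant tables are small hand-picked subsets of the Windows SDK headers.

```python
"""Decode raw Win32 constants in a Joe Sandbox "APIs" listing (added example, not Joe Sandbox code)."""
import re

# Constructed input: lines copied verbatim from the function's API list above.
SAMPLE_LINES = [
    "• DestroyWindow.USER32 ref: 00442B52",
    "• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00442CF8",
    "• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00442D40",
    "• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00442D62",
    "• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00442D80",
    "• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00442E30",
]

WS_STYLES = {  # winuser.h, high word of dwStyle
    0x80000000: "WS_POPUP", 0x40000000: "WS_CHILD", 0x20000000: "WS_MINIMIZE",
    0x10000000: "WS_VISIBLE", 0x08000000: "WS_DISABLED", 0x04000000: "WS_CLIPSIBLINGS",
    0x02000000: "WS_CLIPCHILDREN", 0x01000000: "WS_MAXIMIZE", 0x00800000: "WS_BORDER",
    0x00400000: "WS_DLGFRAME", 0x00200000: "WS_VSCROLL", 0x00100000: "WS_HSCROLL",
    0x00080000: "WS_SYSMENU", 0x00040000: "WS_THICKFRAME", 0x00020000: "WS_MINIMIZEBOX",
    0x00010000: "WS_MAXIMIZEBOX",
}
WS_CAPTION = 0x00C00000  # composite: WS_BORDER | WS_DLGFRAME
SS_TYPES = {0x00: "SS_LEFT", 0x01: "SS_CENTER", 0x02: "SS_RIGHT", 0x03: "SS_ICON",
            0x0E: "SS_BITMAP", 0x0F: "SS_ENHMETAFILE"}  # low 5 bits of a "static" style
STATIC_MESSAGES = {0x0170: "STM_SETICON", 0x0171: "STM_GETICON",
                   0x0172: "STM_SETIMAGE", 0x0173: "STM_GETIMAGE"}
IMAGE_TYPES = {0: "IMAGE_BITMAP", 1: "IMAGE_ICON", 2: "IMAGE_CURSOR", 3: "IMAGE_ENHMETAFILE"}
GENERIC_ACCESS = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
                  0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
DISPOSITIONS = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
                4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
GMEM_FLAGS = {0x0002: "GMEM_MOVEABLE", 0x0040: "GMEM_ZEROINIT"}

# One listing line: optional bullet, optional "Part of subcall function XXXX: " prefix,
# Api.DLL, an optional "(args)," group, then "ref: <8 hex digits>".
LINE_RE = re.compile(
    r"^(?:• )?(?:Part of subcall function [0-9A-Fa-f]+: )?"
    r"(?P<api>\w+)\.(?P<dll>\w+)(?:\((?P<args>.*)\),)? ref: (?P<ref>[0-9A-Fa-f]{8})$"
)


def hexarg(s):
    """Report arguments are 8-digit hex; '?' (unresolved) and string literals give None."""
    try:
        return int(s, 16)
    except ValueError:
        return None


def flag_names(value, table):
    """Names of the table bits set in value, highest bit first."""
    return [name for bit, name in sorted(table.items(), reverse=True) if value & bit]


def decode_window_style(style, class_name):
    """Split a CreateWindowEx dwStyle into WS_* names plus the class-specific low word."""
    names = []
    if style & WS_CAPTION == WS_CAPTION:
        names.append("WS_CAPTION")
        style &= ~WS_CAPTION
    names += flag_names(style & 0xFFFF0000, WS_STYLES)
    low = style & 0xFFFF
    if class_name.lower() == "static":
        names.append(SS_TYPES.get(low & 0x1F, f"SS_0x{low:04X}"))
    elif low:
        names.append(f"0x{low:04X}")
    return names


def decode_call(line):
    """Parse one listing line; return api/dll/ref plus human-readable notes, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    api = m.group("api")
    args = m.group("args").split(",") if m.group("args") else []
    notes = []
    if api == "CreateWindowExW" and len(args) >= 4 and hexarg(args[3]) is not None:
        notes.append(f"class={args[1]}")
        notes.append("style=" + "|".join(decode_window_style(hexarg(args[3]), args[1])))
    elif api == "CreateFileW" and len(args) >= 5:
        access, disp = hexarg(args[1]), hexarg(args[4])
        notes.append("|".join(flag_names(access, GENERIC_ACCESS)) if access is not None else "access=?")
        notes.append(DISPOSITIONS.get(disp, f"disposition={args[4]}"))
    elif api == "GlobalAlloc" and args:
        flags = hexarg(args[0])
        if flags is not None:
            notes.append("|".join(flag_names(flags, GMEM_FLAGS)) or "GMEM_FIXED")
    elif api == "SendMessageW" and len(args) >= 4:
        msg = hexarg(args[1])
        notes.append(STATIC_MESSAGES.get(msg, f"msg={args[1]}"))
        if msg == 0x0172:  # STM_SETIMAGE: wParam is the image type
            notes.append(IMAGE_TYPES.get(hexarg(args[2]), "IMAGE_?"))
    return {"api": api, "dll": m.group("dll"), "ref": m.group("ref"), "notes": notes}


def decode_listing(lines):
    """Decode every line that parses; headings and hash lines are skipped."""
    return [d for d in map(decode_call, lines) if d]


if __name__ == "__main__":
    for call in decode_listing(SAMPLE_LINES):
        print(f"{call['ref']}  {call['api']:<16} {'  '.join(call['notes'])}")
```

Run against the six sample lines it reports the parent window as WS_CAPTION|WS_POPUP|WS_DISABLED, the child as WS_CHILD|WS_VISIBLE|SS_BITMAP, the file open as GENERIC_READ with OPEN_EXISTING, the allocation as GMEM_MOVEABLE (the flag CreateStreamOnHGlobal requires), and the message as STM_SETIMAGE with IMAGE_BITMAP. Arguments beyond a function's real parameter count (the repeated 88C00000,000000FF sequences) are stack residue that the sandbox prints without filtering, which is why the decoders index by position and ignore the tail.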
APIs
• SetTextColor.GDI32(?,00000000), ref: 0045712F
• GetSysColorBrush.USER32(0000000F), ref: 00457160
• GetSysColor.USER32(0000000F), ref: 0045716C
• SetBkColor.GDI32(?,000000FF), ref: 00457186
• SelectObject.GDI32(?,?), ref: 00457195
• InflateRect.USER32(?,000000FF,000000FF), ref: 004571C0
• GetSysColor.USER32(00000010), ref: 004571C8
• CreateSolidBrush.GDI32(00000000), ref: 004571CF
• FrameRect.USER32(?,?,00000000), ref: 004571DE
• DeleteObject.GDI32(00000000), ref: 004571E5
• InflateRect.USER32(?,000000FE,000000FE), ref: 00457230
• FillRect.USER32(?,?,?), ref: 00457262
• GetWindowLongW.USER32(?,000000F0), ref: 00457284
  • Part of subcall function 004573E8: GetSysColor.USER32(00000012), ref: 00457421
  • Part of subcall function 004573E8: SetTextColor.GDI32(?,?), ref: 00457425
  • Part of subcall function 004573E8: GetSysColorBrush.USER32(0000000F), ref: 0045743B
  • Part of subcall function 004573E8: GetSysColor.USER32(0000000F), ref: 00457446
  • Part of subcall function 004573E8: GetSysColor.USER32(00000011), ref: 00457463
  • Part of subcall function 004573E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00457471
  • Part of subcall function 004573E8: SelectObject.GDI32(?,00000000), ref: 00457482
  • Part of subcall function 004573E8: SetBkColor.GDI32(?,00000000), ref: 0045748B
  • Part of subcall function 004573E8: SelectObject.GDI32(?,?), ref: 00457498
  • Part of subcall function 004573E8: InflateRect.USER32(?,000000FF,000000FF), ref: 004574B7
  • Part of subcall function 004573E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004574CE
  • Part of subcall function 004573E8: GetWindowLongW.USER32(00000000,000000F0), ref: 004574DB
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
• String ID:
• API String ID: 4124339563-0
• Opcode ID: c4c35d31b73e6ae7f125156d2943385b27e0f5af002e8a81afe665d96e19e473
• Instruction ID: 43b47807420180a44fc63980e789b9a12b864339d2b5ee7daf379b4a4fb5e1d8
• Opcode Fuzzy Hash: c4c35d31b73e6ae7f125156d2943385b27e0f5af002e8a81afe665d96e19e473
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 90A1A172008715BFD7019F60DC88A5F7BA9FB49322F100A29F962961E2D774E944CF56
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?,?), ref: 003D8E14
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001308,?,00000000), ref: 00416AC5
                                                                                                                                                                                                                                                                                                                                                      • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00416AFE
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00416F43
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003D8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,003D8BE8,?,00000000,?,?,?,?,003D8BBA,00000000,?), ref: 003D8FC5
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001053), ref: 00416F7F
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00416F96
                                                                                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?), ref: 00416FAC
                                                                                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?), ref: 00416FB7
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 90c5b12a1325f083ec4c9e74faee7d41a736080164b9f4d2efd2cd7accbc617c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a7fa859c3599d4cc6db8b7f565bce3df3bb0da050935c903da209c25ebc3f776
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 90c5b12a1325f083ec4c9e74faee7d41a736080164b9f4d2efd2cd7accbc617c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1129B31204211EFDB26CF24D884BAABBE5FB44301F15456AE485CB762CB35EC92DF99
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000), ref: 0044273E
                                                                                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0044286A
                                                                                                                                                                                                                                                                                                                                                      • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 004428A9
                                                                                                                                                                                                                                                                                                                                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 004428B9
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00442900
                                                                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(00000000,?), ref: 0044290C
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00442955
                                                                                                                                                                                                                                                                                                                                                      • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00442964
                                                                                                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 00442974
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00442978
                                                                                                                                                                                                                                                                                                                                                      • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00442988
                                                                                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00442991
                                                                                                                                                                                                                                                                                                                                                      • DeleteDC.GDI32(00000000), ref: 0044299A
                                                                                                                                                                                                                                                                                                                                                      • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004429C6
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000030,00000000,00000001), ref: 004429DD
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00442A1D
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00442A31
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000404,00000001,00000000), ref: 00442A42
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00442A77
                                                                                                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 00442A82
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00442A8D
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00442A97
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                                                                                      • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: eb9da8ee26767692e28d8fa25ff6b601a1a57b8e6c51b031ae4d1302f6fa7c9f
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 026f3b2d96a986c4dd135e9c6d280e5d60b42d281e0ae6fda7fa1c30479ddd6d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb9da8ee26767692e28d8fa25ff6b601a1a57b8e6c51b031ae4d1302f6fa7c9f
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E2B15C71A00215AFEB14DF68CD86FAE7BB9EB48711F004129F914EB2A1D774ED40CB98
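Reading these function blocks by hand is slow because every argument is a raw stack dump: hexadecimal columns, `?` where the disassembler recovered nothing, and argument lists that are sometimes longer or shorter than the documented prototype (several `SendMessageW` entries above carry three columns, not four, so the window handle is missing and the message id has shifted left). The script below is an added example, not part of the Joe Sandbox report or of the sample's code. It parses entries in the `• Api.MODULE(args), ref: address` form used in the "APIs" lists on this page, resolves the few constants that matter for reading the two functions above (hand-checked against the Windows SDK: `SetErrorMode(1)` is `SEM_FAILCRITICALERRORS`, `GetStockObject(0x11)` is `DEFAULT_GUI_FONT`, `GetDeviceCaps(..., 0x5A)` is `LOGPIXELSY`, `SystemParametersInfoW(0x30)` is `SPI_GETWORKAREA`, `0x30`/`0x401`/`0x404` are `WM_SETFONT`/`PBM_SETRANGE`/`PBM_SETSTEP`, `0x1008`/`0x1308` are `LVM_DELETEITEM`/`TCM_DELETEITEM`), decodes `CreateWindowExW` style bits, and flags the `SetErrorMode(SEM_FAILCRITICALERRORS) ... GetDriveTypeW ... SetErrorMode(0)` bracket that appears in the following block. The sample input is a constructed trace made of lines copied from the blocks on this page; the lookup tables are intentionally tiny and the any-position matching of message ids is an assumption made to cope with the shifted columns. Two practitioner caveats the output makes visible: a window of class `AutoIt v3` holding a `msctls_progress32` bar and two `static` labels is the shape of the AutoIt runtime's own progress dialog rather than script logic, and bracketing a drive probe with `SEM_FAILCRITICALERRORS` only suppresses the "no disk in drive" message box, which is what the runtime's drive functions do too, so that bracket alone is not evidence of sandbox detection.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple, Union

# One "APIs" entry of a Joe Sandbox function block, e.g.
#   • SetErrorMode.KERNEL32(00000001), ref: 00434AED
# optionally prefixed by "Part of subcall function <addr>: ".
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-Fa-f]{8})\s*$")
HEX_RE = re.compile(r"(-?)([0-9A-Fa-f]{8})")
Arg = Union[int, str, None]


@dataclass
class Call:
    api: str
    module: str
    args: List[Arg]                 # int for hex columns, str for recovered strings, None for "?"
    ref: int
    subcall_of: Optional[int] = None
    notes: List[str] = field(default_factory=list)


# Hand-checked SDK constants; deliberately small, not an exhaustive table.
POSITIONAL = {("SetErrorMode", 0): {0x1: "SEM_FAILCRITICALERRORS"},
              ("GetStockObject", 0): {0x11: "DEFAULT_GUI_FONT"},
              ("GetDeviceCaps", 1): {0x5A: "LOGPIXELSY"},
              ("SystemParametersInfoW", 0): {0x30: "SPI_GETWORKAREA"}}
# The trace often drops the hWnd column of SendMessageW, so message ids are
# matched at any argument position (an assumption) and the note says so.
MESSAGES = {0x30: "WM_SETFONT", 0x401: "PBM_SETRANGE", 0x404: "PBM_SETSTEP",
            0x1008: "LVM_DELETEITEM", 0x1308: "TCM_DELETEITEM"}
WS_FLAGS = [(0x80000000, "WS_POPUP"), (0x40000000, "WS_CHILD"), (0x10000000, "WS_VISIBLE"),
            (0x08000000, "WS_DISABLED"), (0x04000000, "WS_CLIPSIBLINGS"),
            (0x00800000, "WS_BORDER"), (0x00400000, "WS_DLGFRAME"), (0x00080000, "WS_SYSMENU")]


def parse_arg(tok: str) -> Arg:
    tok = tok.strip()
    if tok == "?":
        return None                              # not recovered by the disassembler
    m = HEX_RE.fullmatch(tok)
    if m:
        v = int(m.group(2), 16)
        return -v if m.group(1) else v           # "-0000001D" -> -29
    return tok                                   # string constant such as "AutoIt v3"


def decode_ws_style(style: int) -> List[str]:
    names = [name for bit, name in WS_FLAGS if style & bit]
    rest = style & ~sum(bit for bit, _ in WS_FLAGS) & 0xFFFFFFFF
    if rest:
        names.append(f"0x{rest:X}")              # class-specific bits, e.g. PBS_SMOOTH
    return names


def annotate(call: Call) -> None:
    for i, a in enumerate(call.args):
        name = POSITIONAL.get((call.api, i), {}).get(a) if isinstance(a, int) else None
        if name:
            call.notes.append(f"arg{i} 0x{a:X} = {name}")
    if call.api == "SendMessageW":
        for i, a in enumerate(call.args):
            if isinstance(a, int) and a in MESSAGES:
                call.notes.append(f"arg{i} 0x{a:X} = {MESSAGES[a]} (position inferred)")
                break
    if call.api == "CreateWindowExW" and len(call.args) > 3 and isinstance(call.args[3], int):
        call.notes.append("style " + "|".join(decode_ws_style(call.args[3] & 0xFFFFFFFF)))


def parse_trace(text: str) -> List[Call]:
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                             # headings such as "APIs" are skipped
        args = [parse_arg(t) for t in m["args"].split(",")] if m["args"] else []
        call = Call(m["api"], m["mod"], args, int(m["ref"], 16),
                    int(m["sub"], 16) if m["sub"] else None)
        annotate(call)
        calls.append(call)
    return calls


def drive_probe_brackets(calls: List[Call]) -> List[Tuple[int, int, int]]:
    """(ref_on, ref_probe, ref_off) for each GetDriveTypeW wrapped in
    SetErrorMode(SEM_FAILCRITICALERRORS) ... SetErrorMode(0), in trace order."""
    found, on_ref, probe = [], None, None
    for c in calls:
        if c.api == "SetErrorMode" and c.args[:1] == [0x1]:
            on_ref, probe = c.ref, None
        elif c.api == "GetDriveTypeW" and on_ref is not None:
            probe = c.ref
        elif c.api == "SetErrorMode" and c.args[:1] == [0x0] and on_ref is not None:
            if probe is not None:
                found.append((on_ref, probe, c.ref))
            on_ref = None
    return found


# Constructed sample: lines copied from the function blocks on this page.
SAMPLE_TRACE = r"""APIs
• SetErrorMode.KERNEL32(00000001), ref: 00434AED
• GetDriveTypeW.KERNEL32(?,0045CB68,?,\\.\,0045CC08), ref: 00434BCA
• SetErrorMode.KERNEL32(00000000,0045CB68,?,\\.\,0045CC08), ref: 00434D36
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0044286A
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00442900
• GetStockObject.GDI32(00000011), ref: 00442974
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00442991
• SendMessageW.USER32(00000030,00000000,00000001), ref: 004429DD
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00442A1D
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00442A31
  • Part of subcall function 003D8F62: InvalidateRect.USER32(?,00000000,00000001,?), ref: 003D8FC5
"""

if __name__ == "__main__":
    for c in parse_trace(SAMPLE_TRACE):
        print(f"{c.ref:08X} {c.module}!{c.api}", "; ".join(c.notes))
    print("drive probe brackets:", [tuple(hex(x) for x in t) for t in drive_probe_brackets(parse_trace(SAMPLE_TRACE))])
```

Run it against any function block copied from this report; anything it cannot decode is left as the original hex column, so the output never hides a value, and the `(position inferred)` tag marks every message-id resolution that relied on the shifted-column assumption rather than the documented prototype.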
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00434AED
• GetDriveTypeW.KERNEL32(?,0045CB68,?,\\.\,0045CC08), ref: 00434BCA
• SetErrorMode.KERNEL32(00000000,0045CB68,?,\\.\,0045CC08), ref: 00434D36
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                                                                                      • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e53bb386a6552965e2270a35808daa46cd88d52b419b0372afc071e99ebc1f88
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: dee62e026f09fd1707c5e79b292c26c3b90bb8d2130b046fb89bc32611c574a9
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e53bb386a6552965e2270a35808daa46cd88d52b419b0372afc071e99ebc1f88
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F16197306051059BCB45EF14C981EEDB7A0AB88304F26A41BF806AB752DB3DFD42DB5E
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000012), ref: 00457421
                                                                                                                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,?), ref: 00457425
                                                                                                                                                                                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 0045743B
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 00457446
                                                                                                                                                                                                                                                                                                                                                      • CreateSolidBrush.GDI32(?), ref: 0045744B
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000011), ref: 00457463
                                                                                                                                                                                                                                                                                                                                                      • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00457471
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 00457482
                                                                                                                                                                                                                                                                                                                                                      • SetBkColor.GDI32(?,00000000), ref: 0045748B
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 00457498
                                                                                                                                                                                                                                                                                                                                                      • InflateRect.USER32(?,000000FF,000000FF), ref: 004574B7
                                                                                                                                                                                                                                                                                                                                                      • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004574CE
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(00000000,000000F0), ref: 004574DB
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0045752A
                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00457554
                                                                                                                                                                                                                                                                                                                                                      • InflateRect.USER32(?,000000FD,000000FD), ref: 00457572
                                                                                                                                                                                                                                                                                                                                                      • DrawFocusRect.USER32(?,?), ref: 0045757D
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000011), ref: 0045758E
                                                                                                                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 00457596
                                                                                                                                                                                                                                                                                                                                                      • DrawTextW.USER32(?,004570F5,000000FF,?,00000000), ref: 004575A8
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 004575BF
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 004575CA
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 004575D0
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 004575D5
                                                                                                                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,?), ref: 004575DB
                                                                                                                                                                                                                                                                                                                                                      • SetBkColor.GDI32(?,?), ref: 004575E5
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1996641542-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: edfc7822c139d991c830b09137f3e44e5f5280fcc54b43b6b2258023f128f8fc
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4b0f3abb171edca025f0d838278da3b469f5f2ed1fa4667c68cfec92d9f4db39
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: edfc7822c139d991c830b09137f3e44e5f5280fcc54b43b6b2258023f128f8fc
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB614E72900318BFDB019FA4DC89AAE7FB9EB09321F114125F915AB2A2D7749940CF94
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00451128
                                                                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 0045113D
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 00451144
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00451199
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 004511B9
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 004511ED
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0045120B
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0045121D
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000421,?,?), ref: 00451232
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00451245
• IsWindowVisible.USER32(00000000), ref: 004512A1
• SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 004512BC
• SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 004512D0
• GetWindowRect.USER32(00000000,?), ref: 004512E8
• MonitorFromPoint.USER32(?,?,00000002), ref: 0045130E
• GetMonitorInfoW.USER32(00000000,?), ref: 00451328
• CopyRect.USER32(?,?), ref: 0045133F
• SendMessageW.USER32(00000000,00000412,00000000), ref: 004513AA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
• String ID: ($0$tooltips_class32
• API String ID: 698492251-4156429822
• Opcode ID: a8fb1fe12432f59a1898ab349325db4b8ed6521c1db18749c59a4e0d7ea141eb
• Instruction ID: 737193dfcf3b5f85f06da9c1b6305c75a01b9e1e8c349d52521033e27ef01d52
• Opcode Fuzzy Hash: a8fb1fe12432f59a1898ab349325db4b8ed6521c1db18749c59a4e0d7ea141eb
• Instruction Fuzzy Hash: 4EB18971604341AFD700DF64C885B6BBBE4EF89741F00891DF9999B2A2C735EC49CB96
APIs
• CharUpperBuffW.USER32(?,?), ref: 004502E5
• _wcslen.LIBCMT ref: 0045031F
• _wcslen.LIBCMT ref: 00450389
• _wcslen.LIBCMT ref: 004503F1
• _wcslen.LIBCMT ref: 00450475
• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 004504C5
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00450504
  • Part of subcall function 003DF9F2: _wcslen.LIBCMT ref: 003DF9FD
  • Part of subcall function 0042223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00422258
  • Part of subcall function 0042223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0042228A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
• API String ID: 1103490817-719923060
• Opcode ID: 055ab6ad6ad271898186b0d5e6c529de2bfeceab5e907cb8f51b4399efb80024
• Instruction ID: 22a1f92e375e9cd15e8c6c319f02f61abf6937583aaa50c6ffcaf5076f3f521f
• Opcode Fuzzy Hash: 055ab6ad6ad271898186b0d5e6c529de2bfeceab5e907cb8f51b4399efb80024
• Instruction Fuzzy Hash: 6DE1AD352082019FC714EF24C59192EB3E1BF98315F14495EFC969B3A2DB38ED4ACB46
APIs
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 003D8968
• GetSystemMetrics.USER32(00000007), ref: 003D8970
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 003D899B
• GetSystemMetrics.USER32(00000008), ref: 003D89A3
• GetSystemMetrics.USER32(00000004), ref: 003D89C8
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 003D89E5
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 003D89F5
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 003D8A28
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 003D8A3C
• GetClientRect.USER32(00000000,000000FF), ref: 003D8A5A
• GetStockObject.GDI32(00000011), ref: 003D8A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 003D8A81
  • Part of subcall function 003D912D: GetCursorPos.USER32(?), ref: 003D9141
  • Part of subcall function 003D912D: ScreenToClient.USER32(00000000,?), ref: 003D915E
  • Part of subcall function 003D912D: GetAsyncKeyState.USER32(00000001), ref: 003D9183
  • Part of subcall function 003D912D: GetAsyncKeyState.USER32(00000002), ref: 003D919D
• SetTimer.USER32(00000000,00000000,00000028,003D90FC), ref: 003D8AA8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
• String ID: AutoIt v3 GUI
• API String ID: 1458621304-248962490
• Opcode ID: d0bcf02842b496f5b9103d79e9c06a6570eb5ecdd8f6b290655ed82bf5abf828
• Instruction ID: 57fadfebd66b2074d356e4d40b94157d115b451e592bdd28974bdbb1965a8f28
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0bcf02842b496f5b9103d79e9c06a6570eb5ecdd8f6b290655ed82bf5abf828
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 41B18E71A0030AAFDB15DFA8DC85BEE3BB5FB48315F11412AFA15A7290DB34E841CB58
APIs
  • Part of subcall function 004210F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00421114
  • Part of subcall function 004210F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00420B9B,?,?,?), ref: 00421120
  • Part of subcall function 004210F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00420B9B,?,?,?), ref: 0042112F
  • Part of subcall function 004210F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00420B9B,?,?,?), ref: 00421136
  • Part of subcall function 004210F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0042114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00420DF5
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00420E29
• GetLengthSid.ADVAPI32(?), ref: 00420E40
• GetAce.ADVAPI32(?,00000000,?), ref: 00420E7A
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00420E96
• GetLengthSid.ADVAPI32(?), ref: 00420EAD
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00420EB5
• HeapAlloc.KERNEL32(00000000), ref: 00420EBC
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00420EDD
• CopySid.ADVAPI32(00000000), ref: 00420EE4
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00420F13
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00420F35
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00420F47
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00420F6E
• HeapFree.KERNEL32(00000000), ref: 00420F75
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00420F7E
• HeapFree.KERNEL32(00000000), ref: 00420F85
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00420F8E
• HeapFree.KERNEL32(00000000), ref: 00420F95
• GetProcessHeap.KERNEL32(00000000,?), ref: 00420FA1
• HeapFree.KERNEL32(00000000), ref: 00420FA8
  • Part of subcall function 00421193: GetProcessHeap.KERNEL32(00000008,00420BB1,?,00000000,?,00420BB1,?), ref: 004211A1
  • Part of subcall function 00421193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00420BB1,?), ref: 004211A8
  • Part of subcall function 00421193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00420BB1,?), ref: 004211B7
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
• Opcode ID: fadadb4097efa30935cd251d3699c3259e1652604d4e32fb60995412f333c4f8
• Instruction ID: e1bfef29a66a6f542dc4e02ff27df276a94f689f0b983dc1e0879818cc28a1cb
• Opcode Fuzzy Hash: fadadb4097efa30935cd251d3699c3259e1652604d4e32fb60995412f333c4f8
• Instruction Fuzzy Hash: A1719F72A0031AAFDF209FA4EC44BAFBBB8FF04741F454126F918A6292D774D905CB64
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0044C4BD
• RegCreateKeyExW.ADVAPI32(?,?,00000000,0045CC08,00000000,?,00000000,?,?), ref: 0044C544
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0044C5A4
• _wcslen.LIBCMT ref: 0044C5F4
• _wcslen.LIBCMT ref: 0044C66F
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0044C6B2
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0044C7C1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0044C84D
• RegCloseKey.ADVAPI32(?), ref: 0044C881
• RegCloseKey.ADVAPI32(00000000), ref: 0044C88E
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0044C960
Strings
Similarity
• API ID: Value$Close$_wcslen$ConnectCreateRegistry
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
• API String ID: 9721498-966354055
• Opcode ID: 0efc0d8a3fea4c4f6af984107d5d58c5010d96905b2f27bf567ea107ee7fed75
• Instruction ID: 179342ed5d189e8c70ba6d7107a822900dbda30d28e731c569ac5d9677661fff
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0efc0d8a3fea4c4f6af984107d5d58c5010d96905b2f27bf567ea107ee7fed75
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 701268356042019FD715EF14C881F2AB7E5EF89714F18889DF88A9B3A2DB35ED41CB89
APIs
• CharUpperBuffW.USER32(?,?), ref: 004509C6
• _wcslen.LIBCMT ref: 00450A01
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00450A54
• _wcslen.LIBCMT ref: 00450A8A
• _wcslen.LIBCMT ref: 00450B06
• _wcslen.LIBCMT ref: 00450B81
  • Part of subcall function 003DF9F2: _wcslen.LIBCMT ref: 003DF9FD
  • Part of subcall function 00422BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00422BFA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
• Opcode ID: 9450e8813e0cc5e73f1f555293ce9c5b963f629726d7036a3f640c015877e38e
• Instruction ID: 23b19c635f8a5684a4b88aacc3f18262aa25e7859056e64b6f345b921cd65454
• Opcode Fuzzy Hash: 9450e8813e0cc5e73f1f555293ce9c5b963f629726d7036a3f640c015877e38e
• Instruction Fuzzy Hash: 57E19D392083019FC714EF24C49092AB7E1BF98319F14895EFC969B362D739ED4ACB85
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
• API String ID: 1256254125-909552448
• Opcode ID: c4ab4869a7eb9832fbd28b851bb58ff926dbd89473f7910123376cb89e18938e
• Instruction ID: cff05fd0076a8f27fd588de14e42df40dba96753cbbd43fedd873ca854cbadf1
• Opcode Fuzzy Hash: c4ab4869a7eb9832fbd28b851bb58ff926dbd89473f7910123376cb89e18938e
• Instruction Fuzzy Hash: 1B71283260116A8BEB50DE78D8D16BF3391AF60754B28452BFC56AB384EB39DD41C398
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0045835A
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0045836E
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00458391
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 004583B4
                                                                                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 004583F2
                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00455BF2), ref: 0045844E
                                                                                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00458487
                                                                                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 004584CA
                                                                                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00458501
                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 0045850D
                                                                                                                                                                                                                                                                                                                                                      • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0045851D
                                                                                                                                                                                                                                                                                                                                                      • DestroyIcon.USER32(?,?,?,?,?,00455BF2), ref: 0045852C
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00458549
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00458555
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
• String ID: .dll$.exe$.icl
• API String ID: 799131459-1154884017
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID:
• String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
• API String ID: 0-1645009161
APIs
• LoadIconW.USER32(00000063), ref: 00425A2E
• SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00425A40
• SetWindowTextW.USER32(?,?), ref: 00425A57
• GetDlgItem.USER32(?,000003EA), ref: 00425A6C
• SetWindowTextW.USER32(00000000,?), ref: 00425A72
• GetDlgItem.USER32(?,000003E9), ref: 00425A82
• SetWindowTextW.USER32(00000000,?), ref: 00425A88
• SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00425AA9
• SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00425AC3
• GetWindowRect.USER32(?,?), ref: 00425ACC
• _wcslen.LIBCMT ref: 00425B33
• SetWindowTextW.USER32(?,?), ref: 00425B6F
• GetDesktopWindow.USER32 ref: 00425B75
• GetWindowRect.USER32(00000000), ref: 00425B7C
• MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00425BD3
• GetClientRect.USER32(?,?), ref: 00425BE0
• PostMessageW.USER32(?,00000005,00000000,?), ref: 00425C05
• SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00425C2F
Similarity
• API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
• String ID:
• API String ID: 895679908-0
APIs
Strings
Similarity
• API ID: _wcslen
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[H
• API String ID: 176396367-2553913052
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 003E00C6
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003E00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0049070C,00000FA0,56A70E63,?,?,?,?,004023B3,000000FF), ref: 003E011C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003E00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,004023B3,000000FF), ref: 003E0127
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003E00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,004023B3,000000FF), ref: 003E0138
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003E00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 003E014E
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003E00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 003E015C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003E00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 003E016A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003E00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 003E0195
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003E00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 003E01A0
                                                                                                                                                                                                                                                                                                                                                      • ___scrt_fastfail.LIBCMT ref: 003E00E7
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003E00A3: __onexit.LIBCMT ref: 003E00A9
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      • InitializeConditionVariable, xrefs: 003E0148
                                                                                                                                                                                                                                                                                                                                                      • SleepConditionVariableCS, xrefs: 003E0154
                                                                                                                                                                                                                                                                                                                                                      • kernel32.dll, xrefs: 003E0133
                                                                                                                                                                                                                                                                                                                                                      • WakeAllConditionVariable, xrefs: 003E0162
                                                                                                                                                                                                                                                                                                                                                      • api-ms-win-core-synch-l1-2-0.dll, xrefs: 003E0122
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                                                                      • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: da36beab8d0ce5e87a8b9c3497978de0501ed25be9a3ae6a964a0242f08c2001
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 58ad30e9e1e2a26af6ea5b36e459b523189cb11b719a69200e457d0c54af85b4
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: da36beab8d0ce5e87a8b9c3497978de0501ed25be9a3ae6a964a0242f08c2001
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7213E326447606FD7166BB5AC45B2A33A4DB04B62F110237FC02AB2D2DFF49C448A99
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CharLowerBuffW.USER32(00000000,00000000,0045CC08), ref: 00434527
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0043453B
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00434599
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 004345F4
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0043463F
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 004346A7
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003DF9F2: _wcslen.LIBCMT ref: 003DF9FD
                                                                                                                                                                                                                                                                                                                                                      • GetDriveTypeW.KERNEL32(?,00486BF0,00000061), ref: 00434743
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                                                      • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f83ebe384fbbd01e285dafd1880007cfdb763ff1883ce51e183d19bd151d3d66
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 59506529a1fdc20e0ccb2b2b3a1077a646287f4199d1f1fcfb030cdc925eb3e0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f83ebe384fbbd01e285dafd1880007cfdb763ff1883ce51e183d19bd151d3d66
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ADB1EE316083129BC310DF28C891AABB7E4AFE9724F50591EF496C7391D738EC45CB96
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003D9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 003D9BB2
                                                                                                                                                                                                                                                                                                                                                      • DragQueryPoint.SHELL32(?,?), ref: 00459147
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00457674: ClientToScreen.USER32(?,?), ref: 0045769A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00457674: GetWindowRect.USER32(?,?), ref: 00457710
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00457674: PtInRect.USER32(?,?,00458B89), ref: 00457720
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 004591B0
                                                                                                                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 004591BB
                                                                                                                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 004591DE
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00459225
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 0045923E
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 00459255
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 00459277
                                                                                                                                                                                                                                                                                                                                                      • DragFinish.SHELL32(?), ref: 0045927E
                                                                                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00459371
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                                                                                                      • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#I
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 221274066-2135545193
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c97fbe22a1a2b5e57ee63e0b192eb8070d179add2d54917646abc807a006a077
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 125b48888fa15e77490c50c7328ba93f10f0a6301aca1cf3a19420b05760ef9c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c97fbe22a1a2b5e57ee63e0b192eb8070d179add2d54917646abc807a006a077
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E2615971108301AFC701EF60DC85EAFBBE8EF89750F10092EF995961A1DB709A49CB56
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemCount.USER32(00491990), ref: 00402F8D
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemCount.USER32(00491990), ref: 0040303D
                                                                                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00403081
                                                                                                                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(00000000), ref: 0040308A
                                                                                                                                                                                                                                                                                                                                                      • TrackPopupMenuEx.USER32(00491990,00000000,?,00000000,00000000,00000000), ref: 0040309D
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 004030A9
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 81178cfbf324ff4f0a53f43166438c926f8eae4f57675fe84c1af703d5444a48
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ceb329fe3a28db0f4090b52d70dda2f8efce409257dead6d03b4056d266c1df8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 81178cfbf324ff4f0a53f43166438c926f8eae4f57675fe84c1af703d5444a48
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A8710770640216BEEB218F65DD89F9ABF68FF00364F20422BF515BA2E1C7B5AD10D794
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000,?), ref: 00456DEB
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C6B57: _wcslen.LIBCMT ref: 003C6B6A
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00456E5F
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00456E81
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00456E94
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 00456EB5
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,003C0000,00000000), ref: 00456EE4
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00456EFD
                                                                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00456F16
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 00456F1D
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00456F35
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00456F4D
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003D9944: GetWindowLongW.USER32(?,000000EB), ref: 003D9952
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d8be46e27e6d888d94c2926c8ad1e048b2e4e6715f34af936234b7e711c20fd7
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f9460bfadb4f94ead0f4e561ca3d4cb8b066215fd68096ce04bc2e30acacb658
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d8be46e27e6d888d94c2926c8ad1e048b2e4e6715f34af936234b7e711c20fd7
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FE716971504341AFDB21CF18D884F6BBBE9EB99305F54092EF98987262C774E90ACB19
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0043C4B0
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0043C4C3
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0043C4D7
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0043C4F0
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0043C533
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0043C549
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0043C554
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0043C584
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0043C5DC
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0043C5F0
• InternetCloseHandle.WININET(00000000), ref: 0043C5FB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
• String ID:
• API String ID: 3800310941-3916222277
APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00458592
• GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004585A2
• GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004585AD
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004585BA
• GlobalLock.KERNEL32(00000000), ref: 004585C8
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004585D7
• GlobalUnlock.KERNEL32(00000000), ref: 004585E0
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004585E7
• CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 004585F8
• OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,0045FC38,?), ref: 00458611
• GlobalFree.KERNEL32(00000000), ref: 00458621
• GetObjectW.GDI32(?,00000018,?), ref: 00458641
• CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00458671
• DeleteObject.GDI32(?), ref: 00458699
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 004586AF
Similarity
• API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3840717409-0
APIs
• VariantInit.OLEAUT32(00000000), ref: 00431502
• VariantCopy.OLEAUT32(?,?), ref: 0043150B
• VariantClear.OLEAUT32(?), ref: 00431517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 004315FB
• VarR8FromDec.OLEAUT32(?,?), ref: 00431657
• VariantInit.OLEAUT32(?), ref: 00431708
• SysFreeString.OLEAUT32(?), ref: 0043178C
• VariantClear.OLEAUT32(?), ref: 004317D8
• VariantClear.OLEAUT32(?), ref: 004317E7
• VariantInit.OLEAUT32(00000000), ref: 00431823
Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                                                                                                                                                                                                                                                                      • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1234038744-3931177956
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c37bfcbe1b9cfc60872f1f8c51c03f841931d55a46070c5572621e74432bef01
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 526968ed27d2c390084a811cac5cfeb4fd8a6ddd1023df7f7d3e8a391902ae5b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c37bfcbe1b9cfc60872f1f8c51c03f841931d55a46070c5572621e74432bef01
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 51D1F032A00205EFDB019F65E885B7DB7B5BF49700F54845BE406EB2A1DB38DC42DB66
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C9CB3: _wcslen.LIBCMT ref: 003C9CBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0044C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0044B6AE,?,?), ref: 0044C9B5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0044C998: _wcslen.LIBCMT ref: 0044C9F1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0044C998: _wcslen.LIBCMT ref: 0044CA68
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0044C998: _wcslen.LIBCMT ref: 0044CA9E
                                                                                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0044B6F4
                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0044B772
                                                                                                                                                                                                                                                                                                                                                      • RegDeleteValueW.ADVAPI32(?,?), ref: 0044B80A
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0044B87E
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0044B89C
                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0044B8F2
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0044B904
                                                                                                                                                                                                                                                                                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 0044B922
                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 0044B983
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0044B994
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                      • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a22bb95c6facd9add50a8b5df92e2778f385d01663613bbc8a8236a5664f4c07
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 419bf4e2c4a29e5b665b66826166b4dfe9530b51cd4a84fa0c6debb1223103ee
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a22bb95c6facd9add50a8b5df92e2778f385d01663613bbc8a8236a5664f4c07
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 30C17C74208601AFE715DF14C495F2ABBE5FF84318F14849DE49A8B3A2CB35EC46CB96
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 004425D8
                                                                                                                                                                                                                                                                                                                                                      • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 004425E8
                                                                                                                                                                                                                                                                                                                                                      • CreateCompatibleDC.GDI32(?), ref: 004425F4
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 00442601
                                                                                                                                                                                                                                                                                                                                                      • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0044266D
                                                                                                                                                                                                                                                                                                                                                      • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 004426AC
                                                                                                                                                                                                                                                                                                                                                      • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 004426D0
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 004426D8
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 004426E1
                                                                                                                                                                                                                                                                                                                                                      • DeleteDC.GDI32(?), ref: 004426E8
                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,?), ref: 004426F3
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                                                                      • String ID: (
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 86edf5368cf244bc8644d87043e2ea7422a1f4091c5b3c237ab243e355e9b4e2
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b79876dab2e7f4df19978fb3f297ac25caa8b2051282bc5362f384d0c894e101
• Opcode Fuzzy Hash: 86edf5368cf244bc8644d87043e2ea7422a1f4091c5b3c237ab243e355e9b4e2
• Instruction Fuzzy Hash: 95611275D00319EFDF04CFA8D984AAEBBB5FF48310F20852AE956A7250D774A941CF94
APIs
• ___free_lconv_mon.LIBCMT ref: 003FDAA1
  • Part of subcall function 003FD63C: _free.LIBCMT ref: 003FD659
  • Part of subcall function 003FD63C: _free.LIBCMT ref: 003FD66B
  • Part of subcall function 003FD63C: _free.LIBCMT ref: 003FD67D
  • Part of subcall function 003FD63C: _free.LIBCMT ref: 003FD68F
  • Part of subcall function 003FD63C: _free.LIBCMT ref: 003FD6A1
  • Part of subcall function 003FD63C: _free.LIBCMT ref: 003FD6B3
  • Part of subcall function 003FD63C: _free.LIBCMT ref: 003FD6C5
  • Part of subcall function 003FD63C: _free.LIBCMT ref: 003FD6D7
  • Part of subcall function 003FD63C: _free.LIBCMT ref: 003FD6E9
  • Part of subcall function 003FD63C: _free.LIBCMT ref: 003FD6FB
  • Part of subcall function 003FD63C: _free.LIBCMT ref: 003FD70D
  • Part of subcall function 003FD63C: _free.LIBCMT ref: 003FD71F
  • Part of subcall function 003FD63C: _free.LIBCMT ref: 003FD731
• _free.LIBCMT ref: 003FDA96
  • Part of subcall function 003F29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,003FD7D1,00000000,00000000,00000000,00000000,?,003FD7F8,00000000,00000007,00000000,?,003FDBF5,00000000), ref: 003F29DE
  • Part of subcall function 003F29C8: GetLastError.KERNEL32(00000000,?,003FD7D1,00000000,00000000,00000000,00000000,?,003FD7F8,00000000,00000007,00000000,?,003FDBF5,00000000,00000000), ref: 003F29F0
• _free.LIBCMT ref: 003FDAB8
• _free.LIBCMT ref: 003FDACD
• _free.LIBCMT ref: 003FDAD8
• _free.LIBCMT ref: 003FDAFA
• _free.LIBCMT ref: 003FDB0D
• _free.LIBCMT ref: 003FDB1B
• _free.LIBCMT ref: 003FDB26
• _free.LIBCMT ref: 003FDB5E
• _free.LIBCMT ref: 003FDB65
• _free.LIBCMT ref: 003FDB82
• _free.LIBCMT ref: 003FDB9A
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: 6a2b426c31109ae3693948c366f39a0229ec9cfe6d5267efda26c86e24d10de8
• Instruction ID: cdb0a043a80754d9d4ed2ed4f15a53b93ce6166243a2605b3340541b4ae06412
• Opcode Fuzzy Hash: 6a2b426c31109ae3693948c366f39a0229ec9cfe6d5267efda26c86e24d10de8
• Instruction Fuzzy Hash: F531593164420ADFEB23AE38E849B7B77EAFF01311F124529E648DB191DB71AC508B24
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 0042369C
• _wcslen.LIBCMT ref: 004236A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00423797
• GetClassNameW.USER32(?,?,00000400), ref: 0042380C
• GetDlgCtrlID.USER32(?), ref: 0042385D
• GetWindowRect.USER32(?,?), ref: 00423882
• GetParent.USER32(?), ref: 004238A0
• ScreenToClient.USER32(00000000), ref: 004238A7
• GetClassNameW.USER32(?,?,00000100), ref: 00423921
• GetWindowTextW.USER32(?,?,00000400), ref: 0042395D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
• String ID: %s%u
• API String ID: 4010501982-679674701
• Opcode ID: 92c8d5b92794e68dc874e15caae0c4332fb97493136e4279a39af16c3989dbd2
• Instruction ID: 3e39a0d49c552a3a74ef1082d216c1f4caa2d6e63bd1a5d188030f513c4dd0e8
• Opcode Fuzzy Hash: 92c8d5b92794e68dc874e15caae0c4332fb97493136e4279a39af16c3989dbd2
• Instruction Fuzzy Hash: ED91D471300326AFD719DF24D885BABB7E8FF44341F40852AF999C6290DB38EA45CB95
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 00424994
• GetWindowTextW.USER32(?,?,00000400), ref: 004249DA
• _wcslen.LIBCMT ref: 004249EB
• CharUpperBuffW.USER32(?,00000000), ref: 004249F7
• _wcsstr.LIBVCRUNTIME ref: 00424A2C
• GetClassNameW.USER32(00000018,?,00000400), ref: 00424A64
• GetWindowTextW.USER32(?,?,00000400), ref: 00424A9D
• GetClassNameW.USER32(00000018,?,00000400), ref: 00424AE6
• GetClassNameW.USER32(?,?,00000400), ref: 00424B20
• GetWindowRect.USER32(?,?), ref: 00424B8B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                      • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4dc25e61930afae97f9d402a9dfafe8466189de294bda4ba63d887a29ea712a2
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d57220462cbda798b30a0035359dcf24615fbe3e14359a8ee74b6f59f7b7a441
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4dc25e61930afae97f9d402a9dfafe8466189de294bda4ba63d887a29ea712a2
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1791F2312043159FDB04CF14E880BAB7BE8FF84314F44846AFD858A296DB38ED45CBA5
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003D9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 003D9BB2
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00458D5A
                                                                                                                                                                                                                                                                                                                                                      • GetFocus.USER32 ref: 00458D6A
                                                                                                                                                                                                                                                                                                                                                      • GetDlgCtrlID.USER32(00000000), ref: 00458D75
                                                                                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00458E1D
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00458ECF
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemCount.USER32(?), ref: 00458EEC
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemID.USER32(?,00000000), ref: 00458EFC
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00458F2E
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00458F70
                                                                                                                                                                                                                                                                                                                                                      • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00458FA1
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9c57f141d07235b25fa9f1e4ecf3853478c1946578b79a7e5ada6296545fc892
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8878d6a46a6544d2935ba30f3366fc7d48b31b213f83e750304517284c5d3be5
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9c57f141d07235b25fa9f1e4ecf3853478c1946578b79a7e5ada6296545fc892
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A1818B72504311AFDB10CF24D885A6B7BE9BB88355F04092EFD85E7292DF34D909CB6A
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetFileVersionInfoSizeW.VERSION(?,?), ref: 0042DC20
                                                                                                                                                                                                                                                                                                                                                      • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0042DC46
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0042DC50
                                                                                                                                                                                                                                                                                                                                                      • _wcsstr.LIBVCRUNTIME ref: 0042DCA0
                                                                                                                                                                                                                                                                                                                                                      • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0042DCBC
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                      • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1939486746-1459072770
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: cdf2f6786dbda42c88420a7eb18df1df80233aedf1fdd74dd8fef1e52f1a97fe
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6a46110adde449d47b80b7b770d90f750dc8e263d470869d0bda36e95c257ed1
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cdf2f6786dbda42c88420a7eb18df1df80233aedf1fdd74dd8fef1e52f1a97fe
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 98410632E402217ED702B765AC47FBF776CEF45710F50056BF901AA2C2EA69A90187A9
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0044CC64
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0044CC8D
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0044CD48
  • Part of subcall function 0044CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0044CCAA
  • Part of subcall function 0044CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0044CCBD
  • Part of subcall function 0044CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0044CCCF
  • Part of subcall function 0044CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0044CD05
  • Part of subcall function 0044CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0044CD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 0044CCF3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2734957052-4033151799
• Opcode ID: a53392ac08252edd159e2de56491b4d005447f2ac07189182e7da36c3413a522
• Instruction ID: 36e0a4298c82c6e163e3460284dfd39d41155433df7d4388fe65d73c88017b65
• Opcode Fuzzy Hash: a53392ac08252edd159e2de56491b4d005447f2ac07189182e7da36c3413a522
• Instruction Fuzzy Hash: 8C3182B1902219BFE7209B91DCC8EFFBB7CEF05751F040166A905E2251DA389A45DAA8
APIs
• timeGetTime.WINMM ref: 0042E6B4
  • Part of subcall function 003DE551: timeGetTime.WINMM(?,?,0042E6D4), ref: 003DE555
• Sleep.KERNEL32(0000000A), ref: 0042E6E1
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0042E705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0042E727
• SetActiveWindow.USER32 ref: 0042E746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0042E754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 0042E773
• Sleep.KERNEL32(000000FA), ref: 0042E77E
• IsWindow.USER32 ref: 0042E78A
• EndDialog.USER32(00000000), ref: 0042E79B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
• String ID: BUTTON
• API String ID: 1194449130-3405671355
• Opcode ID: cbb31b7f8618c7373e2902d56fd642907d9858b19423ab2bdcb487430a84f276
• Instruction ID: 6de33bc42e61a41c476d38ab2cd549f2ed844018ea5bb4ee62fcc89f8cf7b0cc
• Opcode Fuzzy Hash: cbb31b7f8618c7373e2902d56fd642907d9858b19423ab2bdcb487430a84f276
• Instruction Fuzzy Hash: 6F218E70304315BFEB105F62FDC9E263B69E76534AB900437F802916A2DBA9EC009A2C
APIs
  • Part of subcall function 003C9CB3: _wcslen.LIBCMT ref: 003C9CBD
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0042EA5D
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0042EA73
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0042EA84
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0042EA96
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0042EAA7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2420728520-1007645807
• Opcode ID: 1c4ff2b9e5a035796819a31740ace3d0dbfcd96cb4bad94a444e4a785a13b86a
• Instruction ID: f61995cb1583558475f344422462e793f895ddc2dcc38fc191fae3a98eb6acba
• Opcode Fuzzy Hash: 1c4ff2b9e5a035796819a31740ace3d0dbfcd96cb4bad94a444e4a785a13b86a
• Instruction Fuzzy Hash: 53118F61B9026979D720B7A2EC4AFFF6A7CEBD1B00F51082BB801A61D1EE740D05C6B4
APIs
  • Part of subcall function 003D8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,003D8BE8,?,00000000,?,?,?,?,003D8BBA,00000000,?), ref: 003D8FC5
• DestroyWindow.USER32(?), ref: 003D8C81
• KillTimer.USER32(00000000,?,?,?,?,003D8BBA,00000000,?), ref: 003D8D1B
• DestroyAcceleratorTable.USER32(00000000), ref: 00416973
                                                                                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,003D8BBA,00000000,?), ref: 004169A1
                                                                                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,003D8BBA,00000000,?), ref: 004169B8
                                                                                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,003D8BBA,00000000), ref: 004169D4
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 004169E6
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 641708696-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c1a1466ebe9500f8efbec78f8393306c97b44c70fa6dbc83d338207e29b54b68
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 24da7c556ef090f86c68b5e4757b0cf31734b4236c3a78c467be13cd551f9f96
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c1a1466ebe9500f8efbec78f8393306c97b44c70fa6dbc83d338207e29b54b68
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C3618A72512701DFCB229F14E988B6AB7B5FB50312F15452BE0429BAB0CB35F980DF98
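The "APIs" listings in these function blocks have a fixed shape: a bullet, an optional "Part of subcall function <addr>:" prefix for calls made from a callee, the API name and its module, the argument values the sandbox recovered from the stack at call time ("?" where it could not resolve one), and the call-site address after "ref:". The Python below is an added example written for this page; it is not Joe Sandbox code and not part of the report. It parses a listing of that shape (the sample text is constructed to mirror the block above), groups the calls by module, and counts non-zero 32-bit values that recur across the argument slots of several different calls. Treating such recurring values as frame contents (for instance a return address) rather than as real parameters is the editor's heuristic, not something the report states; it is only a prompt to check the disassembly before reading a value as an argument.

```python
"""Parse the "APIs" listing of a Joe Sandbox function block into records.

Added example for this page; not Joe Sandbox code. The sample text below is
constructed to match the shape of the listing in the report.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a few lines in the exact shape of the report listing.
SAMPLE_LISTING = """\
APIs
  • Part of subcall function 003D8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,003D8BE8,?,00000000,?,?,?,?,003D8BBA,00000000,?), ref: 003D8FC5
• DestroyWindow.USER32(?), ref: 003D8C81
• KillTimer.USER32(00000000,?,?,?,?,003D8BBA,00000000,?), ref: 003D8D1B
• DestroyAcceleratorTable.USER32(00000000), ref: 00416973
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,003D8BBA,00000000,?), ref: 004169A1
• DeleteObject.GDI32(00000000), ref: 004169E6
  • Part of subcall function 003C9CB3: _wcslen.LIBCMT ref: 003C9CBD
Memory Dump Source
"""

# One listing line: optional subcall prefix, Name.MODULE, optional (args), ref: ADDR.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<caller>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
HEX32_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


@dataclass
class ApiCall:
    api: str
    module: str
    ref: str                                   # call-site address as printed
    args: List[str] = field(default_factory=list)  # recovered values, "?" if unknown
    caller: Optional[str] = None               # set for "Part of subcall function" lines


def parse_api_listing(text: str) -> List[ApiCall]:
    """Return the ApiCall records found in a block of report text, in order."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                           # headings and non-API lines are skipped
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("api"), m.group("module"),
                             m.group("ref").upper(), args, m.group("caller")))
    return calls


def calls_by_module(calls: List[ApiCall]) -> Dict[str, List[str]]:
    """Map module name -> sorted list of distinct API names seen."""
    seen: Dict[str, set] = {}
    for c in calls:
        seen.setdefault(c.module, set()).add(c.api)
    return {m: sorted(v) for m, v in seen.items()}


def recurring_arg_values(calls: List[ApiCall], min_count: int = 2) -> Dict[str, int]:
    """Count, once per call, non-zero 32-bit values that recur across calls.

    Heuristic (editor's assumption, not from the report): a value that keeps
    reappearing in the recovered argument slots of unrelated calls is more
    likely frame content, such as a return address, than a real parameter.
    """
    counter: Counter = Counter()
    for c in calls:
        counter.update({a for a in c.args if HEX32_RE.match(a) and a.strip("0")})
    return {v: n for v, n in counter.items() if n >= min_count}


if __name__ == "__main__":
    parsed = parse_api_listing(SAMPLE_LISTING)
    for c in parsed:
        via = f" (via subcall {c.caller})" if c.caller else ""
        print(f"{c.ref}: {c.module}!{c.api}{via} args={c.args}")
    print(calls_by_module(parsed))
    print(recurring_arg_values(parsed))
```

Run it against a block pasted from the report to get the calls as records instead of free text; the "?" placeholders are kept deliberately so that a slot the sandbox could not resolve is never mistaken for a zero.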
APIs
  • Part of subcall function 003D9944: GetWindowLongW.USER32(?,000000EB), ref: 003D9952
• GetSysColor.USER32(0000000F), ref: 003D9862
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
• Opcode ID: 268d6dbfde8a90c63ac4060db21a830f7a62d02021657955e15331031b16b530
• Instruction ID: 775ca72a46fe9d278b490f63cfd63311c432c0e213db1a2f9e8fa0106110f078
• Opcode Fuzzy Hash: 268d6dbfde8a90c63ac4060db21a830f7a62d02021657955e15331031b16b530
• Instruction Fuzzy Hash: 0641A432104754AFDB225F38AC84BBA37A5AB06731F154617F9A2872E2D731DD42EB14
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID:
• String ID: .>
• API String ID: 0-1757889381
• Opcode ID: 80807b142b189fb2c2c683649161bbe291117d6e4157f8272ddd7582b7fe3071
• Instruction ID: 78f490e2a1d5db78b8646cfc8f464b8c28356a4855d40d5d852fb90cb9de5566
• Opcode Fuzzy Hash: 80807b142b189fb2c2c683649161bbe291117d6e4157f8272ddd7582b7fe3071
• Instruction Fuzzy Hash: 56C1057590434EAFCB17DFA8D845BBDBBB4AF19310F05416AFA14AB392CB718941CB60
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0040F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00429717
• LoadStringW.USER32(00000000,?,0040F7F8,00000001), ref: 00429720
  • Part of subcall function 003C9CB3: _wcslen.LIBCMT ref: 003C9CBD
• GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0040F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00429742
• LoadStringW.USER32(00000000,?,0040F7F8,00000001), ref: 00429745
• MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00429866
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: HandleLoadModuleString$Message_wcslen
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9e5050df8155b9b4d4cd40092faf7e3ddadd8b29d22124dfce49768740c312c5
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c70fcb69262ba3a87e9a4850823e1679944f1be02bd9ec767dc895b78d8b7ab9
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e5050df8155b9b4d4cd40092faf7e3ddadd8b29d22124dfce49768740c312c5
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B415F72900219AADB05FBE0DD86FEE7378AF14340F61446AF505B7092EB396F48CB65
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C6B57: _wcslen.LIBCMT ref: 003C6B6A
                                                                                                                                                                                                                                                                                                                                                      • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 004207A2
                                                                                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 004207BE
                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 004207DA
                                                                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00420804
                                                                                                                                                                                                                                                                                                                                                      • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0042082C
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00420837
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0042083C
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3407f6be9ac2813ef37fe3545b1882ac18e603f1b5ad228c3c11496f31197c55
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ab7c86e985e64c33659d7db28ba9e47d3b71c1eecf625520e53db50d58fb5e91
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3407f6be9ac2813ef37fe3545b1882ac18e603f1b5ad228c3c11496f31197c55
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E8412972D0022CABCF11EFA4DC85EEEB7B8FF04350B54412AE801A71A1EB349E04CB94
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 00443C5C
                                                                                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00443C8A
                                                                                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 00443C94
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00443D2D
                                                                                                                                                                                                                                                                                                                                                      • GetRunningObjectTable.OLE32(00000000,?), ref: 00443DB1
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001,00000029), ref: 00443ED5
                                                                                                                                                                                                                                                                                                                                                      • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00443F0E
                                                                                                                                                                                                                                                                                                                                                      • CoGetObject.OLE32(?,00000000,0045FB98,?), ref: 00443F2D
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000), ref: 00443F40
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00443FC4
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00443FD8
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: aed0957f7104109795ad3aad8c51b17e601fb2f4e154ebccba1b9851735093a2
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6ba5bdd49c384be0bcca057b93b3372d22d8a59fc01ab4e63682a4fa4bbdd383
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aed0957f7104109795ad3aad8c51b17e601fb2f4e154ebccba1b9851735093a2
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9DC147716083019FE700DF64C88492BB7E9FF89B49F10495EF98A9B211D735EE05CB56
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00437AF3
                                                                                                                                                                                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00437B8F
                                                                                                                                                                                                                                                                                                                                                      • SHGetDesktopFolder.SHELL32(?), ref: 00437BA3
                                                                                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(0045FD08,00000000,00000001,00486E6C,?), ref: 00437BEF
                                                                                                                                                                                                                                                                                                                                                      • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00437C74
• CoTaskMemFree.OLE32(?,?), ref: 00437CCC
• SHBrowseForFolderW.SHELL32(?), ref: 00437D57
• SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00437D7A
• CoTaskMemFree.OLE32(00000000), ref: 00437D81
• CoTaskMemFree.OLE32(00000000), ref: 00437DD6
• CoUninitialize.OLE32 ref: 00437DDC
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
• String ID:
• API String ID: 2762341140-0
• Opcode ID: d76a87799d75db76b52519d1fb1a37d114deccc24cf57aa789a086d26e2b563f
• Instruction ID: 14dde78fdf8a465068ceb7b82c69e8ae4b188ae18d236e91b199d58a6f92ba61
• Opcode Fuzzy Hash: d76a87799d75db76b52519d1fb1a37d114deccc24cf57aa789a086d26e2b563f
• Instruction Fuzzy Hash: A2C11875A04209AFCB14DF64C884DAEBBB9FF48305F1484A9E81ADB361D734EE45CB94
APIs
• SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00455504
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00455515
• CharNextW.USER32(00000158), ref: 00455544
• SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00455585
• SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0045559B
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004555AC
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: MessageSend$CharNext
• String ID:
• API String ID: 1350042424-0
• Opcode ID: b562d94275227738d7f3ac97d673000919263cc6d6eed4d19ea252a108a7bc6d
• Instruction ID: 58d848db9821732cd858ebb08855f468b13f014f13b5fc9ba7add7461daad871
• Opcode Fuzzy Hash: b562d94275227738d7f3ac97d673000919263cc6d6eed4d19ea252a108a7bc6d
• Instruction Fuzzy Hash: 29619070900609FFDF10DF54CC94AFF3BB9EB06322F104156F925A6292D7788A89DB69
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0041FAAF
• SafeArrayAllocData.OLEAUT32(?), ref: 0041FB08
• VariantInit.OLEAUT32(?), ref: 0041FB1A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 0041FB3A
• VariantCopy.OLEAUT32(?,?), ref: 0041FB8D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 0041FBA1
• VariantClear.OLEAUT32(?), ref: 0041FBB6
• SafeArrayDestroyData.OLEAUT32(?), ref: 0041FBC3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0041FBCC
• VariantClear.OLEAUT32(?), ref: 0041FBDE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0041FBE9
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: dbbbaf5eaa0be97f1db53ae41e2dbeabcbf2fb8e1e4c9033e73fed150becbb22
• Instruction ID: c2ff0564b1fc9a4b67048021b83ba5fc2d296492edbbf56656c705bb7579c803
• Opcode Fuzzy Hash: dbbbaf5eaa0be97f1db53ae41e2dbeabcbf2fb8e1e4c9033e73fed150becbb22
• Instruction Fuzzy Hash: 46415075A002199FCB00DF64C894DEEBBB9FF48345F00806AE955AB262D734E946CB94
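Added worked example, not part of the Joe Sandbox report: a small Python parser that turns "APIs" bullets like the ones in this section (the SendMessageW and SafeArray entries above, and the GetKeyboardState/GetAsyncKeyState entry that follows) into records and decodes the numeric constants the report prints raw. The constant names are the documented winuser.h and oaidl.h values (VK_LSHIFT = 0xA0, VK_RSHIFT = 0xA1, VK_CONTROL = 0x11, VK_MENU = 0x12, VK_LWIN = 0x5B; CB_RESETCONTENT = 0x14B, CB_SETCURSEL = 0x14E, CB_FINDSTRINGEXACT = 0x158; VT_VARIANT = 0x0C). The "keystroke probe" heuristic (a GetKeyboardState snapshot plus polling of three or more modifier keys) is my own triage rule and not a Joe Sandbox signature; the sample strings are copied from this report's listings.

```python
"""Parse Joe Sandbox 'APIs' listings and decode their numeric constants."""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

# One bullet of a function listing, e.g.
#   • GetAsyncKeyState.USER32(000000A0), ref: 00429D22
#   • CoUninitialize.OLE32 ref: 00437DDC          (no argument list)
API_LINE = re.compile(
    r"^\s*•\s*(?P<func>\w+)\.(?P<module>[A-Za-z0-9_.]+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Virtual-key codes (winuser.h) for the keys polled in this report.
VK_NAMES: Dict[int, str] = {
    0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN",
    0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT",
}
# ComboBox messages (winuser.h) seen as uMsg in the SendMessageW chain.
CB_MESSAGES: Dict[int, str] = {
    0x14B: "CB_RESETCONTENT", 0x14E: "CB_SETCURSEL", 0x158: "CB_FINDSTRINGEXACT",
}
# VARTYPE (oaidl.h) for SafeArrayAllocDescriptorEx's first parameter.
VT_NAMES: Dict[int, str] = {0x0C: "VT_VARIANT"}

# (function, zero-based argument index) -> table used to decode that argument.
ARG_TABLES = {
    ("GetAsyncKeyState", 0): VK_NAMES,
    ("GetKeyState", 0): VK_NAMES,
    ("SendMessageW", 1): CB_MESSAGES,  # hWnd, uMsg, wParam, lParam
    ("SafeArrayAllocDescriptorEx", 0): VT_NAMES,
}


class ApiCall(NamedTuple):
    func: str
    module: str
    args: List[str]
    ref: int


def parse_api_block(text: str) -> List[ApiCall]:
    """Turn the bullet lines of one 'APIs' block into ApiCall records."""
    calls: List[ApiCall] = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue  # headings such as 'APIs' or 'Memory Dump Source'
        raw = m.group("args") or ""
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("func"), m.group("module"), args, int(m.group("ref"), 16)))
    return calls


def decode_arg(call: ApiCall, index: int) -> Optional[str]:
    """Symbolic name for a constant argument, or None if unknown or '?' (not recovered)."""
    if index >= len(call.args) or call.args[index] == "?":
        return None
    table = ARG_TABLES.get((call.func, index))
    if table is None:
        return None
    try:
        return table.get(int(call.args[index], 16))
    except ValueError:  # non-numeric argument (e.g. a string literal)
        return None


def polled_keys(calls: List[ApiCall]) -> Counter:
    """Count the virtual keys polled via GetAsyncKeyState / GetKeyState."""
    keys: Counter = Counter()
    for c in calls:
        if c.func in ("GetAsyncKeyState", "GetKeyState"):
            keys[decode_arg(c, 0) or (c.args[0] if c.args else "?")] += 1
    return keys


def looks_like_keystroke_probe(calls: List[ApiCall]) -> bool:
    """Triage heuristic (assumption): keyboard snapshot plus >= 3 polled modifier keys."""
    has_snapshot = any(c.func == "GetKeyboardState" for c in calls)
    modifiers = {k for k in polled_keys(calls) if k.startswith("VK_")}
    return has_snapshot and len(modifiers) >= 3


# Constructed samples, copied from this report's listings.
SAMPLE_KEYS = """
• GetKeyboardState.USER32(?), ref: 00429CA1
• GetAsyncKeyState.USER32(000000A0), ref: 00429D22
• GetKeyState.USER32(000000A0), ref: 00429D3D
• GetAsyncKeyState.USER32(000000A1), ref: 00429D57
• GetKeyState.USER32(000000A1), ref: 00429D6C
• GetAsyncKeyState.USER32(00000011), ref: 00429D84
• GetKeyState.USER32(00000011), ref: 00429D96
• GetAsyncKeyState.USER32(00000012), ref: 00429DAE
• GetKeyState.USER32(00000012), ref: 00429DC0
• GetAsyncKeyState.USER32(0000005B), ref: 00429DD8
• GetKeyState.USER32(0000005B), ref: 00429DEA
"""
SAMPLE_MISC = """
• SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00455504
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00455515
• CharNextW.USER32(00000158), ref: 00455544
• SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00455585
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0041FAAF
• CoUninitialize.OLE32 ref: 00437DDC
"""

if __name__ == "__main__":
    keys = parse_api_block(SAMPLE_KEYS)
    print(dict(polled_keys(keys)), "keystroke probe:", looks_like_keystroke_probe(keys))
    for c in parse_api_block(SAMPLE_MISC):
        print(f"{c.ref:08X} {c.func}", [decode_arg(c, i) or a for i, a in enumerate(c.args)])
```

Decoded this way, the entry at 00429CA1-00429DEA polls only the modifier keys (Shift, Ctrl, Alt, Win), which is what the "retrieve information about pressed keystrokes" signature in the Overview keys on; on its own it shows key-state polling, not capture of typed text, so treat it as a lead to confirm against the process's other behaviour rather than proof of a keylogger. The "?" arguments are values the static pass could not recover and are left undecoded.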
APIs
• GetKeyboardState.USER32(?), ref: 00429CA1
• GetAsyncKeyState.USER32(000000A0), ref: 00429D22
• GetKeyState.USER32(000000A0), ref: 00429D3D
• GetAsyncKeyState.USER32(000000A1), ref: 00429D57
• GetKeyState.USER32(000000A1), ref: 00429D6C
• GetAsyncKeyState.USER32(00000011), ref: 00429D84
• GetKeyState.USER32(00000011), ref: 00429D96
• GetAsyncKeyState.USER32(00000012), ref: 00429DAE
• GetKeyState.USER32(00000012), ref: 00429DC0
• GetAsyncKeyState.USER32(0000005B), ref: 00429DD8
• GetKeyState.USER32(0000005B), ref: 00429DEA
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b9dc6b9e0ee8bd4d5a944fab924c60fff4d3e3d3dd30276bdad643194c7938e5
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 824e97b51092d4d4d6b110bf5032e24d73337ad5e85b65e5b822244ca14d39f3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b9dc6b9e0ee8bd4d5a944fab924c60fff4d3e3d3dd30276bdad643194c7938e5
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BC41E8347147E96DFF308661A4443B7BEA06F11344F88805BC6C6567C2E7AC9DC4D7AA
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 004405BC
• inet_addr.WSOCK32(?), ref: 0044061C
• gethostbyname.WSOCK32(?), ref: 00440628
• IcmpCreateFile.IPHLPAPI ref: 00440636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 004406C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 004406E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 004407B9
• WSACleanup.WSOCK32 ref: 004407BF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
• String ID: Ping
• API String ID: 1028309954-2246546115
• Opcode ID: 98696ecf0f2e703e2eef43943b43f63ba3c50bae501ad6454677c2cc40831f51
• Instruction ID: 54d02a03ae1420ef5e6ddbf79ed3855e8f3576d3e17bf219282dacd7deaa9911
• Opcode Fuzzy Hash: 98696ecf0f2e703e2eef43943b43f63ba3c50bae501ad6454677c2cc40831f51
• Instruction Fuzzy Hash: 83918C35604301AFE320DF15C489F1ABBE0EF48318F1585AAE56A8B7A2C734ED51CF96
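The two function blocks above (the GetKeyState/GetAsyncKeyState polling sequence and the IcmpSendEcho ping routine) are easier to triage once the hex arguments are decoded. The following Python is an added example, not part of the Joe Sandbox report or of the sample's own code: it parses trace lines in the plugin's `api.module(args), ref: addr` format, maps the polled virtual-key codes to their winuser.h names, and labels the IcmpSendEcho arguments in iphlpapi.h parameter order. The sample lines are copied from the blocks above; the function names and the modifier-key heuristic are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: trace lines copied from the two function blocks above,
# in the Joe Sandbox IDA-plugin format. "?" marks an argument the plugin
# could not resolve statically.
SAMPLE_TRACE = """\
• GetKeyState.USER32(000000A0), ref: 00429D3D
• GetAsyncKeyState.USER32(000000A1), ref: 00429D57
• GetKeyState.USER32(000000A1), ref: 00429D6C
• GetAsyncKeyState.USER32(00000011), ref: 00429D84
• GetKeyState.USER32(00000011), ref: 00429D96
• GetAsyncKeyState.USER32(00000012), ref: 00429DAE
• GetKeyState.USER32(00000012), ref: 00429DC0
• GetAsyncKeyState.USER32(0000005B), ref: 00429DD8
• GetKeyState.USER32(0000005B), ref: 00429DEA
• WSAStartup.WSOCK32(00000101,?), ref: 004405BC
• IcmpCreateFile.IPHLPAPI ref: 00440636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 004406C6
• IcmpCloseHandle.IPHLPAPI(?), ref: 004407B9
"""

# Win32 virtual-key codes (winuser.h) for the modifier keys the trace polls.
VK_NAMES = {
    0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
    0x5B: "VK_LWIN", 0x5C: "VK_RWIN",
    0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT",
    0xA2: "VK_LCONTROL", 0xA3: "VK_RCONTROL",
    0xA4: "VK_LMENU", 0xA5: "VK_RMENU",
}

# IcmpSendEcho parameters in iphlpapi.h order.
ICMP_SEND_ECHO_PARAMS = (
    "IcmpHandle", "DestinationAddress", "RequestData", "RequestSize",
    "RequestOptions", "ReplyBuffer", "ReplySize", "Timeout",
)

# One trace line: "<api>.<module>[(<args>)], ref: <hex address>".
# The argument list is optional (see IcmpCreateFile above).
LINE_RE = re.compile(
    r"^\s*•?\s*(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list      # int for a resolved hex argument, None for "?"
    ref: int        # address of the call site


def _parse_arg(tok):
    tok = tok.strip()
    return None if tok in ("", "?") else int(tok, 16)


def parse_trace(text):
    """Parse every recognisable trace line; unrelated lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [_parse_arg(t) for t in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("api"), m.group("module"), args,
                             int(m.group("ref"), 16)))
    return calls


def keystate_polls(calls):
    """(api, vk_name, ref) for each GetKeyState / GetAsyncKeyState call."""
    out = []
    for c in calls:
        if c.api in ("GetKeyState", "GetAsyncKeyState") and c.args and c.args[0] is not None:
            vk = c.args[0]
            out.append((c.api, VK_NAMES.get(vk, f"VK_0x{vk:02X}"), c.ref))
    return out


def polls_modifier_keys(calls):
    """Heuristic (this example's own): a modifier key queried with both
    GetAsyncKeyState and GetKeyState is being polled for its live state,
    the pattern the function block above shows for Shift/Ctrl/Alt/Win."""
    seen = {}
    for api, vk, _ in keystate_polls(calls):
        seen.setdefault(vk, set()).add(api)
    return sorted(vk for vk, apis in seen.items()
                  if len(apis) == 2 and vk in VK_NAMES.values())


def decode_icmp_send_echo(call):
    """Label the IcmpSendEcho arguments so the constants read as what they
    are: payload size, reply-buffer size and timeout in milliseconds."""
    if call.api != "IcmpSendEcho":
        raise ValueError("not an IcmpSendEcho call")
    return dict(zip(ICMP_SEND_ECHO_PARAMS, call.args))


def wsa_version(call):
    """WSAStartup's wVersionRequested: low byte = major, high byte = minor."""
    v = call.args[0]
    return (v & 0xFF, v >> 8)
```

Run against the sample, the ping routine decodes as RequestSize 5, ReplySize 41 and Timeout 4000 ms. The 41-byte reply buffer is exactly the documented minimum for a 5-byte payload on 32-bit Windows: sizeof(ICMP_ECHO_REPLY) (28) + RequestSize (5) + 8 bytes reserved for an ICMP error message, which is what one expects from a runtime's generic ping helper rather than hand-written scanning code. WSAStartup requests Winsock 1.1 (0x0101).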
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: _wcslen$BuffCharLower
• String ID: cdecl$none$stdcall$winapi
• API String ID: 707087890-567219261
• Opcode ID: a6e403300a310494c30b0008f1e8d34254a9193934b2f73867c1334cda18ed7e
• Instruction ID: 7f44bca1947aad2240b8025ea6491839166c66c2703a616616b82404efe17279
• Opcode Fuzzy Hash: a6e403300a310494c30b0008f1e8d34254a9193934b2f73867c1334cda18ed7e
• Instruction Fuzzy Hash: C551A171A005169BDB14DF6CC9509BEB7A5BF64324B31422EE826EB3C5DB38DD40C794
APIs
• CoInitialize.OLE32 ref: 00443774
• CoUninitialize.OLE32 ref: 0044377F
• CoCreateInstance.OLE32(?,00000000,00000017,0045FB78,?), ref: 004437D9
• IIDFromString.OLE32(?,?), ref: 0044384C
• VariantInit.OLEAUT32(?), ref: 004438E4
• VariantClear.OLEAUT32(?), ref: 00443936
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                                                                      • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: bf321dcaa2ebaf85ce1223ad43e8698a7faa295977afa81872dce692c98590a7
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 88bfd23757e64b5add9b191cb751e8409ff02ffa28f99c280ef7edeb3025d71f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bf321dcaa2ebaf85ce1223ad43e8698a7faa295977afa81872dce692c98590a7
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB619170608301AFE311EF54C889F5AB7E4EF49B16F10485EF8859B291C774EE49CB9A
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetLocalTime.KERNEL32(?), ref: 00438257
                                                                                                                                                                                                                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 00438267
                                                                                                                                                                                                                                                                                                                                                      • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00438273
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00438310
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00438324
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00438356
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0043838C
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00438395
                                                                                                                                                                                                                                                                                                                                                      Strings
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: c2c160e70a193061d2ecab3186ccfc1ca8c5797e20b53e145c73b72e0883c1a6
• Instruction ID: d31b1dda136bd4f368902757534352b9a970af330792a728139126da4ce3ed5b
• Opcode Fuzzy Hash: c2c160e70a193061d2ecab3186ccfc1ca8c5797e20b53e145c73b72e0883c1a6
• Instruction Fuzzy Hash: 496146725043459FCB10EF60C881AAFB3E8BF89314F04896EF999C7251DB39E945CB96
APIs
  • Part of subcall function 003D9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 003D9BB2
  • Part of subcall function 003D912D: GetCursorPos.USER32(?), ref: 003D9141
  • Part of subcall function 003D912D: ScreenToClient.USER32(00000000,?), ref: 003D915E
  • Part of subcall function 003D912D: GetAsyncKeyState.USER32(00000001), ref: 003D9183
  • Part of subcall function 003D912D: GetAsyncKeyState.USER32(00000002), ref: 003D919D
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00458B6B
• ImageList_EndDrag.COMCTL32 ref: 00458B71
• ReleaseCapture.USER32 ref: 00458B77
• SetWindowTextW.USER32(?,00000000), ref: 00458C12
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00458C25
• DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00458CFF
Strings
Similarity
• API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
• String ID: @GUI_DRAGFILE$@GUI_DROPID$p#I
• API String ID: 1924731296-1938281753
• Opcode ID: ed027f10372e9feccd5cac262694a8696d3e9c68d06026d4d6b33c7092c1eb34
• Instruction ID: bf631c8ace334a7ca13061853392c5e41bdca87726a4b936760e50a881a7e56a
• Opcode Fuzzy Hash: ed027f10372e9feccd5cac262694a8696d3e9c68d06026d4d6b33c7092c1eb34
• Instruction Fuzzy Hash: B9517D71104304AFD701EF14DC96FAA77E4FB84715F00062EF956AB2A2DB749D08CB66
APIs
• LoadStringW.USER32(00000066,?,00000FFF,?), ref: 004333CF
  • Part of subcall function 003C9CB3: _wcslen.LIBCMT ref: 003C9CBD
• LoadStringW.USER32(00000072,?,00000FFF,?), ref: 004333F0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-3080491070
• Opcode ID: 3b1304014a212165794fa4ebd54543e7bff65dcdfe3d7ef810a41f481f161c1f
• Instruction ID: fe84d19efa687c0117c28a66d0cb618003eef5df7499a81ac4c61b41586dd09a
• Opcode Fuzzy Hash: 3b1304014a212165794fa4ebd54543e7bff65dcdfe3d7ef810a41f481f161c1f
• Instruction Fuzzy Hash: 6451B332900209BADF16EBA0DD46FEEB378AF14345F20416AF405B6162DB356F58CB68
APIs
Strings
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: APPEND$EXISTS$KEYS$REMOVE
• API String ID: 1256254125-769500911
• Opcode ID: 59e21d145b67a8bdbdb8b1e0bf7f37f4373c88f964657273c4df4244ac6074ea
• Instruction ID: a128682e4109c9a40c4fe2cc2f5a64671dbf2db61b1d90cff45c55d78345f3f2
• Opcode Fuzzy Hash: 59e21d145b67a8bdbdb8b1e0bf7f37f4373c88f964657273c4df4244ac6074ea
• Instruction Fuzzy Hash: 8541F532B001369ACB206F7D98905BFB7A5EFA0754B65422BE462DB380E739CD81C7D5
APIs
• SetErrorMode.KERNEL32(00000001), ref: 004353A0
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00435416
• GetLastError.KERNEL32 ref: 00435420
• SetErrorMode.KERNEL32(00000000,READY), ref: 004354A7
Strings
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
• Opcode ID: 68cb64421a2538d5a1b38470d0fba90d93d951cc3ff5ab0c0f9158fd1ee1db29
• Instruction ID: d07d94a2946ecf3bd52984c0c9047e4e2d627b29b15655031f59f74a7c9979cb
• Opcode Fuzzy Hash: 68cb64421a2538d5a1b38470d0fba90d93d951cc3ff5ab0c0f9158fd1ee1db29
• Instruction Fuzzy Hash: E931AE35A006049FD715DF68C884FAABBB4EF59305F14806AE805CF392D739DD82CB95
APIs
• CreateMenu.USER32 ref: 00453C79
• SetMenu.USER32(?,00000000), ref: 00453C88
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00453D10
• IsMenu.USER32(?), ref: 00453D24
• CreatePopupMenu.USER32 ref: 00453D2E
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00453D5B
• DrawMenuBar.USER32 ref: 00453D63
Strings
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F
• API String ID: 161812096-3044882817
• Opcode ID: 70a2aae5a190c8c9de53ecb06d9c8f35760c8001e1e0013ca7bdd209f3dd2c48
• Instruction ID: 9d486a222f2ff827bb5f4b1d4f5671db32e60976a49db2e4815d31e1e78073ea
• Opcode Fuzzy Hash: 70a2aae5a190c8c9de53ecb06d9c8f35760c8001e1e0013ca7bdd209f3dd2c48
• Instruction Fuzzy Hash: D2415B75A01309AFDB14CFA4D884B9A77B5FF49392F14002AED4697361D734EA18CF98
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00453A9D
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00453AA0
• GetWindowLongW.USER32(?,000000F0), ref: 00453AC7
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00453AEA
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00453B62
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00453BAC
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00453BC7
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00453BE2
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00453BF6
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00453C13
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 516bc11b27e4428b16075a5d806d5a9dffdaa2beb6b617ede1e46b22a48fcb1b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ead330fe6392fb6de5d3a1818d7a68d992140e7da367273a2769fe4037b7efb8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 516bc11b27e4428b16075a5d806d5a9dffdaa2beb6b617ede1e46b22a48fcb1b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D618B75900248AFDB11DFA8CC81EEE77B8EB09705F1001AAFA15E73A2C774AE45DB54
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0042B151
                                                                                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32(00000000,?,?,?,?,?,0042A1E1,?,00000001), ref: 0042B165
                                                                                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000), ref: 0042B16C
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0042A1E1,?,00000001), ref: 0042B17B
                                                                                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 0042B18D
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0042A1E1,?,00000001), ref: 0042B1A6
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0042A1E1,?,00000001), ref: 0042B1B8
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0042A1E1,?,00000001), ref: 0042B1FD
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0042A1E1,?,00000001), ref: 0042B212
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0042A1E1,?,00000001), ref: 0042B21D
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 646c1af45e4858fbf418e5c465f87be251d1b873890b54d9199ddbfcd31076d0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b611cebea27ab1ff781a280b59746c898a59044f98c7bfe38c749d7b06dc1689
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 646c1af45e4858fbf418e5c465f87be251d1b873890b54d9199ddbfcd31076d0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C8317A71650314EFDB109F64EC88B7E7BA9EB62356F504026FA01D7291D7B89A40CFAC
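The two function entries above are the kind an analyst decodes by hand: the first is SendMessageW traffic to a ListView control (every Msg value is LVM_FIRST = 0x1000 plus a small number, per commctrl.h), the second is the GetForegroundWindow, GetWindowThreadProcessId, AttachThreadInput chain that attaches the caller's input queue to the foreground window's thread with fAttach = TRUE. That attach is the standard way to get around the SetForegroundWindow lock, and it also lets the attached thread read the other queue's keyboard state, which is why it is worth flagging next to the report's "retrieve information about pressed keystrokes" signature. The Python below is an added example, not part of the Joe Sandbox report or of the sample: it parses the report's `• Api.Module(args), ref: addr` lines, names the ListView messages, and flags the attach chain. The SAMPLE text is constructed from the lines above; the function and table names are the example's own, and LVM_NAMES covers only the message numbers that occur here.

```python
import re

# Constructed sample: the two API listings from the function entries above, in the
# "• Api.Module(args), ref: addr" form of the Joe Sandbox function view, plus one
# indented "Part of subcall function" line of the kind the _free entry uses.
SAMPLE = """\
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00453A9D
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00453AA0
• GetWindowLongW.USER32(?,000000F0), ref: 00453AC7
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00453AEA
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00453B62
• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00453BAC
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00453BC7
• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00453BE2
• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00453BF6
• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00453C13
• GetCurrentThreadId.KERNEL32 ref: 0042B151
• GetForegroundWindow.USER32(00000000,?,?,?,?,?,0042A1E1,?,00000001), ref: 0042B165
• GetWindowThreadProcessId.USER32(00000000), ref: 0042B16C
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0042A1E1,?,00000001), ref: 0042B17B
• AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0042A1E1,?,00000001), ref: 0042B21D
  • Part of subcall function 003F29C8: RtlFreeHeap.NTDLL(00000000,00000000), ref: 003F29DE
"""

# One call line: optional "Part of subcall function XXXX:" prefix, Api.Module,
# optional "(args)", then "ref: addr". GetCurrentThreadId has no argument list.
CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

LVM_FIRST = 0x1000  # commctrl.h: ListView messages are LVM_FIRST + n
LVM_NAMES = {       # only the message numbers that occur in the listing above
    4: "LVM_GETITEMCOUNT", 8: "LVM_DELETEITEM", 29: "LVM_GETCOLUMNWIDTH",
    30: "LVM_SETCOLUMNWIDTH", 31: "LVM_GETHEADER", 77: "LVM_INSERTITEMW",
    87: "LVM_GETSTRINGWIDTHW", 116: "LVM_SETITEMTEXTW",
}

def parse_calls(text):
    """Parse report lines into dicts; lines that are not API calls are skipped."""
    calls = []
    for line in text.splitlines():
        m = CALL_RE.match(line)
        if not m:
            continue
        args = [] if m["args"] is None else m["args"].split(",")
        calls.append({"api": m["api"], "module": m["mod"], "args": args,
                      "ref": int(m["ref"], 16), "subcall": m["sub"] is not None})
    return calls

def decode_listview_msg(call):
    """LVM_* name for a SendMessageW whose Msg argument is a ListView message, else None.
    A '?' means the sandbox could not recover the value from the stack, so it is skipped."""
    if call["api"] != "SendMessageW" or len(call["args"]) < 2 or call["args"][1] == "?":
        return None
    code = int(call["args"][1], 16) - LVM_FIRST
    if not 0 <= code < 0x100:
        return None
    return LVM_NAMES.get(code, "LVM_FIRST+%d" % code)

FOCUS_CHAIN = ("GetForegroundWindow", "GetWindowThreadProcessId", "AttachThreadInput")

def attaches_to_foreground_queue(calls):
    """True if the direct calls (listed in address order) contain
    GetForegroundWindow -> GetWindowThreadProcessId -> AttachThreadInput(.., fAttach=TRUE).
    Only an attach with the third argument 00000001 counts; the matching
    detach (00000000) later in the function is expected and not a signal."""
    want = 0
    for c in calls:
        if c["subcall"] or c["api"] != FOCUS_CHAIN[want]:
            continue
        if want == 2 and not (len(c["args"]) >= 3 and c["args"][2] == "00000001"):
            continue
        want += 1
        if want == len(FOCUS_CHAIN):
            return True
    return False

def triage(text):
    """Summarise one or more function listings: decoded ListView traffic and the attach flag."""
    calls = parse_calls(text)
    return {
        "calls": len(calls),
        "direct_calls": sum(1 for c in calls if not c["subcall"]),
        "listview_messages": [n for n in map(decode_listview_msg, calls) if n],
        "attaches_foreground_input": attaches_to_foreground_queue(calls),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

Run over the constructed sample, `triage` reports 16 parsed calls (15 direct, one subcall), names eight ListView messages, and sets `attaches_foreground_input`. The second SendMessageW line, whose arguments are shifted by one stack slot in the report, is deliberately left undecoded rather than guessed.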
APIs
• _free.LIBCMT ref: 003F2C94
  • Part of subcall function 003F29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,003FD7D1,00000000,00000000,00000000,00000000,?,003FD7F8,00000000,00000007,00000000,?,003FDBF5,00000000), ref: 003F29DE
  • Part of subcall function 003F29C8: GetLastError.KERNEL32(00000000,?,003FD7D1,00000000,00000000,00000000,00000000,?,003FD7F8,00000000,00000007,00000000,?,003FDBF5,00000000,00000000), ref: 003F29F0
• _free.LIBCMT ref: 003F2CA0
• _free.LIBCMT ref: 003F2CAB
• _free.LIBCMT ref: 003F2CB6
• _free.LIBCMT ref: 003F2CC1
• _free.LIBCMT ref: 003F2CCC
• _free.LIBCMT ref: 003F2CD7
• _free.LIBCMT ref: 003F2CE2
• _free.LIBCMT ref: 003F2CED
• _free.LIBCMT ref: 003F2CFB
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: a1c0693f480f90b95fc3caf174978f490d353c42213c55b78be7ac82fb864280
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 533d53f4a8e80fc1b3664bd81ca3166a45327020bf9412dd2cfc51d5eab77da5
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a1c0693f480f90b95fc3caf174978f490d353c42213c55b78be7ac82fb864280
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D11927614010DEFCB02EF94D882CEE3BA5BF06350F4144A5FA489F222DB71EE609B90
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 003C5C7A
  • Part of subcall function 003C5D0A: GetClientRect.USER32(?,?), ref: 003C5D30
  • Part of subcall function 003C5D0A: GetWindowRect.USER32(?,?), ref: 003C5D71
  • Part of subcall function 003C5D0A: ScreenToClient.USER32(?,?), ref: 003C5D99
• GetDC.USER32 ref: 004046F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00404708
• SelectObject.GDI32(00000000,00000000), ref: 00404716
• SelectObject.GDI32(00000000,00000000), ref: 0040472B
• ReleaseDC.USER32(?,00000000), ref: 00404733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 004047C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
• Opcode ID: 023379a3fe97d6f3acb9e6ccab858c640ef02d8576840ea7c0ea29785c2509be
• Instruction ID: 47d72dda5b8c198146cd24178d2fa3684931e39de47b7c1b1d1f5e8631fd5fc2
• Opcode Fuzzy Hash: 023379a3fe97d6f3acb9e6ccab858c640ef02d8576840ea7c0ea29785c2509be
• Instruction Fuzzy Hash: 0D71DF71400205DFCF228F64C984EAA3BB5FF8A315F14427AEE51AB2A6D3399C81DF54
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 004335E4
  • Part of subcall function 003C9CB3: _wcslen.LIBCMT ref: 003C9CBD
• LoadStringW.USER32(00492390,?,00000FFF,?), ref: 0043360A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-2391861430
• Opcode ID: 8cd2b671120395f0ad7b0df25ebc6dde196586353b0f681fd7588d77a1967723
• Instruction ID: 772a57271be1046d44966e38146650617dda6710da7715d93d9585bbee4fd50e
• Opcode Fuzzy Hash: 8cd2b671120395f0ad7b0df25ebc6dde196586353b0f681fd7588d77a1967723
• Instruction Fuzzy Hash: A951817190020ABADF16EFA0DC46FEEBB34AF14301F14412AF505B61A1DB341E99DF68
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0043C272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0043C29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0043C2CA
• GetLastError.KERNEL32 ref: 0043C322
• SetEvent.KERNEL32(?), ref: 0043C336
• InternetCloseHandle.WININET(00000000), ref: 0043C341
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
• Opcode ID: 4623cc7cc63221b1e349f015ed19789f975883164f973b2f5645091917e87abf
• Instruction ID: e5811cc0d36c6f54c8da67788bf76355fdce71ff306e8582e462d29a84226349
• Opcode Fuzzy Hash: 4623cc7cc63221b1e349f015ed19789f975883164f973b2f5645091917e87abf
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D3318F71600308AFD7219F658CC4A6B7BFCEB4D744F10952EF846A2201DB38DD058B69
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00403AAF,?,?,Bad directive syntax error,0045CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 004298BC
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000,?,00403AAF,?), ref: 004298C3
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C9CB3: _wcslen.LIBCMT ref: 003C9CBD
                                                                                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00429987
                                                                                                                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 858772685-4153970271
• Opcode ID: cef23d4571b17fc70f8e17d742f689c088db830c71cb10e4b0daca161b073210
• Instruction ID: 9d180b865997550ce1d0a11ad878fd26c29d5db9c4683986d5dbd0bc27a31454
• Opcode Fuzzy Hash: cef23d4571b17fc70f8e17d742f689c088db830c71cb10e4b0daca161b073210
• Instruction Fuzzy Hash: 40219132A0031AABCF12AF90DC4AFEE7735BF18704F04446BF515660A2DB359A58CB58
APIs
• GetParent.USER32 ref: 004220AB
• GetClassNameW.USER32(00000000,?,00000100), ref: 004220C0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0042214D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
• Opcode ID: 41898857d113af786d58bf0a72da5ae6f5ff91a3048da886c23645556219e8cc
• Instruction ID: cd40bc5b78b0286aede34d39da6fca9142402f1747876644ffa22be235912427
• Opcode Fuzzy Hash: 41898857d113af786d58bf0a72da5ae6f5ff91a3048da886c23645556219e8cc
• Instruction Fuzzy Hash: D4110A7A784727B9F6023621EC06DFB379CDF14324B600127F704A91D2FEE9A822561C
APIs
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: _free$EnvironmentVariable___from_strstr_to_strchr
• String ID:
• API String ID: 1282221369-0
• Opcode ID: beaaf7db69846f86568c13ad6ce05655e516f5075b254eb07079b6dd95f6a4e9
• Instruction ID: 0a97721dad410a4874054904310f11cdbb3bdc122e9eacb27a1885c42faa2b1b
• Opcode Fuzzy Hash: beaaf7db69846f86568c13ad6ce05655e516f5075b254eb07079b6dd95f6a4e9
• Instruction Fuzzy Hash: 2761377194430DAFDB23AFB49985A7ABBA5EF05350F05427EFB419B282DB319D01C790
APIs
• LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00416890
• ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 004168A9
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 004168B9
• ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 004168D1
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 004168F2
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,003D8874,00000000,00000000,00000000,000000FF,00000000), ref: 00416901
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0041691E
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,003D8874,00000000,00000000,00000000,000000FF,00000000), ref: 0041692D
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1268354404-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 69c9e41a88de68ae60810b49a080293bb405fff31f507f0270cd9b3f2b01a8c9
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e081fa2d0dc58b4aed6927fb6520d9bcee6a09d950f5e2f8106159a6c785f2e8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 69c9e41a88de68ae60810b49a080293bb405fff31f507f0270cd9b3f2b01a8c9
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2451A7B1600309AFDB21DF25DC91FAA7BBAEB58310F10452AF912972A0DB70E990DB44
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0043C182
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0043C195
                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 0043C1A9
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0043C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0043C272
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0043C253: GetLastError.KERNEL32 ref: 0043C322
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0043C253: SetEvent.KERNEL32(?), ref: 0043C336
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0043C253: InternetCloseHandle.WININET(00000000), ref: 0043C341
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 337547030-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: cd429ea06193c842ac48f6f0b6d691179fa5e4c8fca8a03f17b78f610f61338f
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 66a187881d8bff0f23335d2816c146a0c1fa34747b4cc8751e6ea8f09b56ec06
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cd429ea06193c842ac48f6f0b6d691179fa5e4c8fca8a03f17b78f610f61338f
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2831BE71900701AFDB209FA5DC84A6BBBE9FF1C301F10542EF956A2611D734E811EFA8
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00423A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00423A57
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00423A3D: GetCurrentThreadId.KERNEL32 ref: 00423A5E
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00423A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,004225B3), ref: 00423A65
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 004225BD
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 004225DB
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 004225DF
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 004225E9
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00422601
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00422605
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 0042260F
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00422623
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00422627
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2d0edf133669dc82d168faf84e2fd545ca322da2f117d441a311d78e549f53ad
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0c1403d7bd6f20cba896f8967e102bc10bdba1089c530a52079eb12435fc95e0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2d0edf133669dc82d168faf84e2fd545ca322da2f117d441a311d78e549f53ad
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E01D831390720BBFB1067699CCAF597F99DB4EB13F500026F314AF1D2C9E554448A6D
                                                                                                                                                                                                                                                                                                                                                      APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00421449,?,?,00000000), ref: 0042180C
• HeapAlloc.KERNEL32(00000000,?,00421449,?,?,00000000), ref: 00421813
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00421449,?,?,00000000), ref: 00421828
• GetCurrentProcess.KERNEL32(?,00000000,?,00421449,?,?,00000000), ref: 00421830
• DuplicateHandle.KERNEL32(00000000,?,00421449,?,?,00000000), ref: 00421833
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00421449,?,?,00000000), ref: 00421843
• GetCurrentProcess.KERNEL32(00421449,00000000,?,00421449,?,?,00000000), ref: 0042184B
• DuplicateHandle.KERNEL32(00000000,?,00421449,?,?,00000000), ref: 0042184E
• CreateThread.KERNEL32(00000000,00000000,00421874,00000000,00000000,00000000), ref: 00421868
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
• Opcode ID: 74348bbea1627db3604c0560bc883ffcea1eeae8fc7b8daa6e487b2273a1b34d
• Instruction ID: 8f996339106a80425ef784a58caa837f6120cab53a251636b5ec840eb8d5b1fc
• Opcode Fuzzy Hash: 74348bbea1627db3604c0560bc883ffcea1eeae8fc7b8daa6e487b2273a1b34d
• Instruction Fuzzy Hash: B401A8B5640708BFE610ABA5DC89F6B3BACEB89B11F404461FA05DB1A2CA74DC40CF24
APIs
  • Part of subcall function 0042D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0042D501
  • Part of subcall function 0042D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0042D50F
  • Part of subcall function 0042D4DC: CloseHandle.KERNEL32(00000000), ref: 0042D5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0044A16D
• GetLastError.KERNEL32 ref: 0044A180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0044A1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 0044A268
• GetLastError.KERNEL32(00000000), ref: 0044A273
• CloseHandle.KERNEL32(00000000), ref: 0044A2C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
• API String ID: 2533919879-2896544425
• Opcode ID: 693524aa0929b30f7cb61926eeca243fd703534cafe3adf3993bc05288dd9c5b
• Instruction ID: cd7d9932debb5b070f75b1d81a310b38e1830cd993e8ed2ae220b3ffb367f1fb
• Opcode Fuzzy Hash: 693524aa0929b30f7cb61926eeca243fd703534cafe3adf3993bc05288dd9c5b
• Instruction Fuzzy Hash: 7E618D302442429FE710DF14C494F1ABBE1AF44318F58849DE4668F7A3C7BAED46CB96
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00453925
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0045393A
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00453954
• _wcslen.LIBCMT ref: 00453999
• SendMessageW.USER32(?,00001057,00000000,?), ref: 004539C6
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 004539F4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: MessageSend$Window_wcslen
• String ID: SysListView32
• API String ID: 2147712094-78025650
• Opcode ID: 973ebca75032a0e647134a64798d683a97aeb431d50ccb37db2a174a9628f891
• Instruction ID: b08723bc43d5d559ecac8acb68b7532ce7db231fb979519dc20bd8bb30a23c86
• Opcode Fuzzy Hash: 973ebca75032a0e647134a64798d683a97aeb431d50ccb37db2a174a9628f891
• Instruction Fuzzy Hash: 4941C371A00319ABEB219F64CC45BEB7BA9EF08391F100526F944E7282D774DE84CB98
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0042BCFD
• IsMenu.USER32(00000000), ref: 0042BD1D
• CreatePopupMenu.USER32 ref: 0042BD53
• GetMenuItemCount.USER32(01535B40), ref: 0042BDA4
• InsertMenuItemW.USER32(01535B40,?,00000001,00000030), ref: 0042BDCC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0$2
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9c485ca23af8c9106ef1a9ef4777c0d026dc456dc677d1b7b7e927b8aaf75110
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: aa9bc73999b97f04709911f0681ae7875e14e9b347d15e2725f201a7132baf50
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9c485ca23af8c9106ef1a9ef4777c0d026dc456dc677d1b7b7e927b8aaf75110
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CE51FF70B00329ABDB11CFA9E8C4BEEBBF4EF44314F54412AE45197391D7789941CB99
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 003E2D4B
                                                                                                                                                                                                                                                                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 003E2D53
                                                                                                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 003E2DE1
                                                                                                                                                                                                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 003E2E0C
                                                                                                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 003E2E61
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                                                                      • String ID: &H>$csm
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1170836740-3797664976
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9ccb6a3f90a5f108056ff6f51a9364429080ac67a1f14a700d5b87f8e25604b1
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 92a2de8410d9133b1f3e22fc2b236743f56fa01f46097768eb3d03e54bb12f82
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9ccb6a3f90a5f108056ff6f51a9364429080ac67a1f14a700d5b87f8e25604b1
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A41D634E00268DBCF11DF6ACC45A9FBBB8BF44314F158266E9246B3D2D771AA05CB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(00000000,00007F03), ref: 0042C913
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: IconLoad
                                                                                                                                                                                                                                                                                                                                                      • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3a843931bc72992950907dd018f81b9f278bcdd78439c245ad9a2d23456c5925
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 168ddb75b887fe2d1169ece4e9886e4e823c989ea2b94c37728d50d45701ed35
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3a843931bc72992950907dd018f81b9f278bcdd78439c245ad9a2d23456c5925
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 99112E71789326BAA7016B54ACC2D9F679CDF15325BA0003BF500AB2C2D7A85D4053AD
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• API String ID: 952045576-0
• Opcode ID: 2c07ead07e2a7997df2d62f3d41c5489d0009a6d63e1fd47ce4a65a7dd2acbb2
• Instruction ID: 00160e4a6bba36417043b9a3945177d83b682e49f13ac43c4ad98e17478a5b9a
• Opcode Fuzzy Hash: 2c07ead07e2a7997df2d62f3d41c5489d0009a6d63e1fd47ce4a65a7dd2acbb2
• Instruction Fuzzy Hash: 3C41A565D10268B5CB12EBF6888A9CF77A8AF45310F504A63F614F7162FB34D245C3EA
APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0041682C,00000004,00000000,00000000), ref: 003DF953
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0041682C,00000004,00000000,00000000), ref: 0041F3D1
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0041682C,00000004,00000000,00000000), ref: 0041F454
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
• Opcode ID: b01d1f8c0017c4eb526d2d5d6019973a4f0e0bc780c88d8a5118e274a572b795
• Instruction ID: fd09d39840631df3d4801416a32eb6314551ba176c9aa1739414215fdcc4ca75
• Opcode Fuzzy Hash: b01d1f8c0017c4eb526d2d5d6019973a4f0e0bc780c88d8a5118e274a572b795
• Instruction Fuzzy Hash: DF417B32A08780BEC73B8B29E8E876A7B95AB56314F15403FE04B56B61C735E8C5CB15
APIs
• DeleteObject.GDI32(00000000), ref: 00452D1B
• GetDC.USER32(00000000), ref: 00452D23
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00452D2E
• ReleaseDC.USER32(00000000,00000000), ref: 00452D3A
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00452D76
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00452D87
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00455A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00452DC2
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00452DE1
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
• Opcode ID: 921527aaecd3bc710467d206986c6002e0c6bd0bf06a9ec8a6a970f8d3119a97
• Instruction ID: ab68c1263eac8b2ded649dad351e81e35e25dabfde81064913e756d8618bb423
• Opcode Fuzzy Hash: 921527aaecd3bc710467d206986c6002e0c6bd0bf06a9ec8a6a970f8d3119a97
• Instruction Fuzzy Hash: AF317172101314BFEB114F50CC89FEB3BA9EF09756F044066FE089A292C6B59C55CBA8
APIs
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: 012bc2930f8f5a2cadcae2a0a3e16a02e369b290f80981581e704748d338d3f9
• Instruction ID: 4952fb11b1291e49810749d95028b5d3c08c9ca2a4fe6e3dd3816c8b2bd1c57d
• Opcode Fuzzy Hash: 012bc2930f8f5a2cadcae2a0a3e16a02e369b290f80981581e704748d338d3f9
• Instruction Fuzzy Hash: 7B21C575B41A6977D2159521AE82FBB335CAE20385F940033FD089E782F73CED1981AE
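The function records above (API call sites with their resolved arguments, the memory dump each function was lifted from, and the Opcode/Instruction IDs used for similarity lookups) are easier to pivot on once parsed: which functions call ShowWindow and with which nCmdShow, which call sites belong to the image mapped at 003C0000, which records share an Opcode ID. The parser below is an added example and is not Joe Sandbox code; the sample text is a constructed subset of the records on this page (including the "Download File" link text the HTML export leaves on the Associated lines), the output field names are my own, and the nCmdShow table is the documented user32!ShowWindow constant set.

```python
"""Parse Joe Sandbox per-function records ("APIs / Strings / Memory Dump Source /
Joe Sandbox IDA Plugin / Similarity" blocks) into dicts for triage.
Added example, not Joe Sandbox code; field names in the dicts are my own."""
import re
from typing import Dict, List, Optional

HEADINGS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
API_RE = re.compile(r"^(\w+)\.(\w+)\((.*)\), ref: ([0-9A-Fa-f]+)$")
SOURCE_RE = re.compile(r"^Source File: (.+?), Offset: ([0-9A-Fa-f]+), based on PE: (true|false)$")

# Documented nCmdShow values for user32!ShowWindow.
SW_NAMES = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_SHOWMAXIMIZED",
            4: "SW_SHOWNOACTIVATE", 5: "SW_SHOW", 6: "SW_MINIMIZE", 7: "SW_SHOWMINNOACTIVE",
            8: "SW_SHOWNA", 9: "SW_RESTORE", 10: "SW_SHOWDEFAULT", 11: "SW_FORCEMINIMIZE"}


def _new_record() -> Dict:
    return {"apis": [], "strings": [], "associated": [], "similarity": {}}


def parse_records(text: str) -> List[Dict]:
    """Split report text into one dict per function record."""
    records: List[Dict] = []
    rec: Optional[Dict] = None
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in HEADINGS:
            # An "APIs"/"Strings" heading after a dump-source or similarity block opens the next function.
            if line in ("APIs", "Strings") and (rec is None or rec["similarity"] or "source_file" in rec):
                rec = _new_record()
                records.append(rec)
            section = line
            continue
        if rec is None:  # text before the first record heading has nothing to attach to
            continue
        line = line.lstrip("•").strip()
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                rec["apis"].append({"name": m.group(1), "module": m.group(2),
                                    "args": m.group(3).split(","), "ref": int(m.group(4), 16)})
        elif section == "Strings":
            rec["strings"].append(line)
        elif section == "Memory Dump Source":
            m = SOURCE_RE.match(line)
            if m:
                rec["source_file"], rec["base"] = m.group(1), int(m.group(2), 16)
                rec["based_on_pe"] = m.group(3) == "true"
            elif line.startswith("Associated:"):
                # The HTML export appends the link text "Download File" to each entry; drop it.
                rec["associated"].append(line[len("Associated:"):].replace("Download File", "").strip())
        elif section == "Joe Sandbox IDA Plugin":
            if line.startswith("Snapshot File:"):
                rec["snapshot"] = line.split(":", 1)[1].strip()
        elif section == "Similarity":
            key, _, value = line.partition(":")
            rec["similarity"][key.strip()] = value.strip()
    return records


def calls_to(records: List[Dict], api: str) -> List[int]:
    """All call-site addresses of one API across the parsed functions."""
    return sorted(c["ref"] for r in records for c in r["apis"] if c["name"] == api)


def showwindow_modes(records: List[Dict]) -> Dict[int, str]:
    """Map each ShowWindow call site to the nCmdShow it passes (second argument)."""
    out: Dict[int, str] = {}
    for r in records:
        for c in r["apis"]:
            if c["name"] == "ShowWindow" and len(c["args"]) >= 2:
                try:
                    n = int(c["args"][1], 16)
                except ValueError:  # "?" means the sandbox could not resolve the argument
                    out[c["ref"]] = "unresolved"
                    continue
                out[c["ref"]] = SW_NAMES.get(n, f"unknown(0x{n:X})")
    return out


# Constructed sample: a subset of the records on this page, as the HTML export renders them.
SAMPLE = """APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0041682C,00000004,00000000,00000000), ref: 003DF953
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0041682C,00000004,00000000,00000000), ref: 0041F3D1
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0041682C,00000004,00000000,00000000), ref: 0041F454
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ShowWindow
• String ID:
• Opcode ID: b01d1f8c0017c4eb526d2d5d6019973a4f0e0bc780c88d8a5118e274a572b795
• Opcode Fuzzy Hash: b01d1f8c0017c4eb526d2d5d6019973a4f0e0bc780c88d8a5118e274a572b795
APIs
• DeleteObject.GDI32(00000000), ref: 00452D1B
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00452D76
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00452D87
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• Opcode ID: 921527aaecd3bc710467d206986c6002e0c6bd0bf06a9ec8a6a970f8d3119a97
"""
```

Run `parse_records` over the full "Executed Functions" text of a report and `calls_to(recs, "ShowWindow")` gives the call sites to set breakpoints on; `showwindow_modes` labels the ones passing a documented SW_ value (0x6 is SW_MINIMIZE) and leaves undocumented values such as 0xFF visible as unknown rather than guessing at them. The Opcode ID is what the report's own Similarity section keys on, so grouping records by `rec["similarity"]["Opcode ID"]` across several reports is the natural next pivot.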
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
• Opcode ID: 5537944fb8ec6cb39b4edd395787f580a80b73c4c7960aab47a2514c81f4bc26
• Instruction ID: f4cfe11802a13d37cc531941387685871306d7102f22fa992aac4aede716f849
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5537944fb8ec6cb39b4edd395787f580a80b73c4c7960aab47a2514c81f4bc26
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A4D1C275A0060AAFEF10CFA8C881FAEB7B5BF48344F14846AE915AB382D774DD45CB54
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,004017FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 004015CE
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,004017FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00401651
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,004017FB,?,004017FB,00000000,00000000,?,00000000,?,?,?,?), ref: 004016E4
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,004017FB,00000000,00000000,?,00000000,?,?,?,?), ref: 004016FB
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003F3820: RtlAllocateHeap.NTDLL(00000000,?,00491444,?,003DFDF5,?,?,003CA976,00000010,00491440,003C13FC,?,003C13C6,?,003C1129), ref: 003F3852
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,004017FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00401777
                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 004017A2
                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 004017AE
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c82536da1a4812e865009f55528702c022a26a9a27ef43fa809578e0d8f6abcc
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2447502e4e22f97b44d920acaa0c4551e28cd9e899fda357b4a0c64c028a5af5
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c82536da1a4812e865009f55528702c022a26a9a27ef43fa809578e0d8f6abcc
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 51918171E10216AEDB218E64CC81AEF7BB59F45310F18467AE905FB2E1D739DC41CB68
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                                                                                      • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 23aa28b316e9ec4e0ae8d4a2bbd1191099de7a679007bf574e1d7f4f5d680611
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 06a2c803b2e5462c4c372221c99b103ac05d50efb31824b556e1c4bd8d199fca
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23aa28b316e9ec4e0ae8d4a2bbd1191099de7a679007bf574e1d7f4f5d680611
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3891C871900215AFEF20CF94C884FAFB7B8EF86714F10855AF505AB281D7789942CFA4
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0043125C
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00431284
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 004312A8
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 004312D8
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0043135F
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 004313C4
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00431430
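The API-call records in these function listings all follow one line shape: an optional "Part of subcall function <addr>:" prefix, then Name.MODULE(args), then "ref: <call-site address>", with "?" standing for an argument the analyser could not recover statically. The following Python parser is an added example, not part of the Joe Sandbox report: it turns the records from both listings on this page (the MultiByteToWideChar wrapper and the SafeArray accessor) into structured rows so that call-site counts, referenced modules and SafeArrayAccessData/SafeArrayUnaccessData site counts can be pulled out for triage. The sample input is copied from this page; the function and field names are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the API-call records of the two functions listed above,
# copied verbatim from this report (indentation marks a subcall record).
SAMPLE = """\
• GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,004017FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 004015CE
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,004017FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00401651
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,004017FB,?,004017FB,00000000,00000000,?,00000000,?,?,?,?), ref: 004016E4
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,004017FB,00000000,00000000,?,00000000,?,?,?,?), ref: 004016FB
  • Part of subcall function 003F3820: RtlAllocateHeap.NTDLL(00000000,?,00491444,?,003DFDF5,?,?,003CA976,00000010,00491440,003C13FC,?,003C13C6,?,003C1129), ref: 003F3852
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,004017FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00401777
• __freea.LIBCMT ref: 004017A2
• __freea.LIBCMT ref: 004017AE
• SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0043125C
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00431284
• SafeArrayUnaccessData.OLEAUT32(00000001), ref: 004312A8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 004312D8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0043135F
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 004313C4
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00431430
"""

# One record per line: optional subcall prefix, Name.MODULE, optional (args), "ref: ADDR".
_LINE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass(frozen=True)
class ApiCall:
    name: str
    module: str
    args: tuple            # raw argument strings; "?" means unresolved
    ref: int               # address of the call site
    subcall_of: Optional[int]  # callee address when the record is "Part of subcall function"


def parse_api_lines(text: str) -> list:
    """Parse Joe Sandbox API-call records into ApiCall rows; raises on an unknown shape."""
    calls = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = _LINE.match(raw)
        if not m:
            raise ValueError(f"unrecognised record: {raw!r}")
        args = tuple(m.group("args").split(",")) if m.group("args") else ()
        calls.append(ApiCall(
            name=m.group("name"),
            module=m.group("module").upper(),
            args=args,
            ref=int(m.group("ref"), 16),
            subcall_of=int(m.group("sub"), 16) if m.group("sub") else None,
        ))
    return calls


def call_counts(calls: list) -> list:
    """Call-site count per API name, most frequent first."""
    return Counter(c.name for c in calls).most_common()


def modules(calls: list) -> set:
    """Modules the listed call sites resolve into (what the function touches statically)."""
    return {c.module for c in calls}


def resolved_args(call: ApiCall) -> list:
    """Arguments the analyser recovered; '?' entries are dropped."""
    return [a for a in call.args if a != "?"]


def safearray_lock_sites(calls: list) -> tuple:
    """(AccessData sites, UnaccessData sites). A static imbalance is a triage hint only:
    the sites may lie on different branches and the unlock may live in an unlisted callee."""
    access = sum(1 for c in calls if c.name == "SafeArrayAccessData")
    unaccess = sum(1 for c in calls if c.name == "SafeArrayUnaccessData")
    return access, unaccess


if __name__ == "__main__":
    rows = parse_api_lines(SAMPLE)
    for name, n in call_counts(rows):
        print(f"{n:2d}  {name}")
    print("modules:", sorted(modules(rows)))
    print("SafeArray access/unaccess sites:", safearray_lock_sites(rows))
```

The parser is strict on purpose: a record that does not match the shape raises instead of being silently skipped, so a changed report layout is noticed rather than producing an undercount. Arguments are kept as the strings the report shows; whether "00000000" is a literal zero or an unresolved register value is something the report does not say, so the code does not guess.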
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ArraySafe$Data$Access$UnaccessVartype
• String ID:
• API String ID: 2550207440-0
• Opcode ID: fc9478b16f86cdb6c545ad04fa6ecfe3b4d4fef4bd538d921c6177fd425ea36c
• Instruction ID: 267396c0f121eba08283341770a87387f98813c37ae77daf9461f5e753e2dfb3
• Opcode Fuzzy Hash: fc9478b16f86cdb6c545ad04fa6ecfe3b4d4fef4bd538d921c6177fd425ea36c
• Instruction Fuzzy Hash: 08910371A002189FDB01DF94C885BBEB7B5FF49325F10506BE911EB2A1D778E942CB98
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b688e38a86e304598ba523499233de33c725aa065ad8cfaa41594eff6f7eb236
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 163bcf8e6faf692fc7d742cf80a7ad2ab9f02b18d12a61f541d0e5f3b6e0fad7
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b688e38a86e304598ba523499233de33c725aa065ad8cfaa41594eff6f7eb236
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B8913872D00219EFCB11CFA9DC84AEEBBB9FF49320F144156E915B7251D378AA42CB60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0044396B
                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 00443A7A
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00443A8A
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00443C1F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00430CDF: VariantInit.OLEAUT32(00000000), ref: 00430D1F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00430CDF: VariantCopy.OLEAUT32(?,?), ref: 00430D28
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00430CDF: VariantClear.OLEAUT32(?), ref: 00430D34
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 60b234f9ae97a321439452702049ab7695185ac1e0110066f8b9901cca0d0bd4
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: da29af33d7d920d19dee2f0df69ef3d9212b69a5e37e0a3435ab71d3433a5138
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 60b234f9ae97a321439452702049ab7695185ac1e0110066f8b9901cca0d0bd4
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 50918C756083419FC700EF24C480A2AB7E4FF89715F14886EF88A9B352DB35EE05CB96
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0042000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0041FF41,80070057,?,?,?,0042035E), ref: 0042002B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0042000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0041FF41,80070057,?,?), ref: 00420046
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0042000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0041FF41,80070057,?,?), ref: 00420054
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0042000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0041FF41,80070057,?), ref: 00420064
                                                                                                                                                                                                                                                                                                                                                      • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00444C51
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00444D59
                                                                                                                                                                                                                                                                                                                                                      • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00444DCF
                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(?), ref: 00444DDA
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                                                                                                      • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 23827f1ca42ac9bb4ff76a5b4c22bef2d3417c324f857cb3026a1ee9d04ca462
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 89026d48201acf8dcbbb15fa935b5985940e1ed3971b5cb6dcd841a81adbe3b6
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23827f1ca42ac9bb4ff76a5b4c22bef2d3417c324f857cb3026a1ee9d04ca462
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 48911471D0021DAFEF11DFA4D891EEEB7B8BF48304F10816AE915AB241DB349E458FA4
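The "API ID" field under Similarity is what makes these function blocks useful beyond this one sample: it is a per-function signature built only from the imported API names, so the same AutoIt runtime routine (the VariantInit/CharUpperBuffW parameter checker, or the CoCreateInstanceEx-based ObjCreate helper) gets the same ID in every compiled AutoIt binary regardless of address or fuzzy hash. The following Python is an added example, not Joe Sandbox's code; it parses the two "APIs" lists above (copied verbatim as constructed input, subcall entries included) and rebuilds the two visible API ID strings with a tokenization inferred from them. The inferred rules are assumptions: API names are split into CamelCase tokens, a trailing ANSI/Unicode A/W suffix is dropped, the tokens Co, Mem, Ex, ID and CLSID are ignored, and tokens are grouped by frequency (most frequent first, `$` between groups, ASCII order inside a group).

```python
"""
Rebuild a Joe Sandbox-style "API ID" similarity signature from a function's
API call list.  This is an assumed reconstruction inferred from the API lists
and API IDs visible in this report, not Joe Sandbox's own implementation.
"""
import re
from collections import Counter

# Constructed sample input: the two "APIs" lists from the function blocks above.
SAMPLE_VARIANT_BLOCK = """\
• VariantInit.OLEAUT32(?), ref: 0044396B
• CharUpperBuffW.USER32(?,?), ref: 00443A7A
• _wcslen.LIBCMT ref: 00443A8A
• VariantClear.OLEAUT32(?), ref: 00443C1F
  • Part of subcall function 00430CDF: VariantInit.OLEAUT32(00000000), ref: 00430D1F
  • Part of subcall function 00430CDF: VariantCopy.OLEAUT32(?,?), ref: 00430D28
  • Part of subcall function 00430CDF: VariantClear.OLEAUT32(?), ref: 00430D34
"""

SAMPLE_COM_BLOCK = """\
  • Part of subcall function 0042000E: CLSIDFromProgID.OLE32(?,?,?,00000000), ref: 0042002B
  • Part of subcall function 0042000E: ProgIDFromCLSID.OLE32(?,00000000,?), ref: 00420046
  • Part of subcall function 0042000E: lstrcmpiW.KERNEL32(?,00000000,?), ref: 00420054
  • Part of subcall function 0042000E: CoTaskMemFree.OLE32(00000000,?), ref: 00420064
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003), ref: 00444C51
• _wcslen.LIBCMT ref: 00444D59
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00444DCF
• CoTaskMemFree.OLE32(?), ref: 00444DDA
"""

# One bullet of the "APIs" list: optional subcall prefix, then Name.MODULE(...)
API_LINE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function\s+[0-9A-Fa-f]+:\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
)

# CamelCase splitter: acronym before a word (CLSIDFrom -> CLSID, From),
# capitalised word, trailing acronym, or a lowercase CRT-style name (_wcslen).
CAMEL = re.compile(r"[A-Z]+(?=[A-Z][a-z])|[A-Z][a-z]+|[A-Z]+|[a-z_][a-z0-9_]*")

# Assumed stop list: tokens absent from the report's IDs although present in the names.
STOP_TOKENS = {"Co", "Mem", "Ex", "ID", "CLSID"}


def parse_api_calls(block):
    """Return [(api_name, module), ...] for every bullet, subcall entries included."""
    calls = []
    for line in block.splitlines():
        m = API_LINE.match(line)
        if m:
            calls.append((m.group("api"), m.group("module")))
    return calls


def tokenize_api(name):
    """Split one API name into the tokens that contribute to the signature."""
    # Assumed: drop the ANSI/Unicode suffix (lstrcmpiW -> lstrcmpi, CharUpperBuffW -> CharUpperBuff).
    if len(name) > 1 and name[-1] in "AW" and name[-2].islower():
        name = name[:-1]
    return [tok for tok in CAMEL.findall(name) if tok not in STOP_TOKENS]


def api_id(block):
    """Frequency-grouped token signature: groups joined by '$', most frequent group first."""
    counts = Counter(tok for api, _ in parse_api_calls(block) for tok in tokenize_api(api))
    by_freq = {}
    for tok, n in counts.items():
        by_freq.setdefault(n, []).append(tok)
    # sorted() on str compares code points, which puts '_wcslen' after 'Upper' and before 'lstrcmpi'
    return "$".join("".join(sorted(by_freq[n])) for n in sorted(by_freq, reverse=True))


if __name__ == "__main__":
    for label, block in (("variant", SAMPLE_VARIANT_BLOCK), ("com", SAMPLE_COM_BLOCK)):
        print(f"{label}: {api_id(block)}")
```

Because the signature ignores addresses and argument values, it survives recompilation and relocation; functions from other AutoIt-compiled samples that produce `Variant$ClearInit$BuffCharCopyUpper_wcslen` or `FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi` can be treated as runtime boilerplate and skipped, so analysis time goes to the script payload rather than the interpreter. Treat the exact stop list as a working assumption and re-check it against more report blocks before relying on it for clustering.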
APIs
• GetMenu.USER32(?), ref: 00452183
• GetMenuItemCount.USER32(00000000), ref: 004521B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 004521DD
• _wcslen.LIBCMT ref: 00452213
• GetMenuItemID.USER32(?,?), ref: 0045224D
• GetSubMenu.USER32(?,?), ref: 0045225B
  • Part of subcall function 00423A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00423A57
  • Part of subcall function 00423A3D: GetCurrentThreadId.KERNEL32 ref: 00423A5E
  • Part of subcall function 00423A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,004225B3), ref: 00423A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 004522E3
  • Part of subcall function 0042E97B: Sleep.KERNEL32 ref: 0042E9F3
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: eeed831c57bf4ae1b2efca02c8e3b7e598ea7b30df57c40675da57ba7535aa4f
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 18eeb08755aceb9760d92db6452c487e94c88115aa67391ccfd5de83990123f0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eeed831c57bf4ae1b2efca02c8e3b7e598ea7b30df57c40675da57ba7535aa4f
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D71C335A00215AFCB11DF64C981AAEB7F1EF49311F1484AAF816EB342D778EE418F94
APIs
• GetParent.USER32(?), ref: 0042AEF9
• GetKeyboardState.USER32(?), ref: 0042AF0E
• SetKeyboardState.USER32(?), ref: 0042AF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 0042AF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 0042AFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 0042AFFD
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 0042B020
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: f8c720a691b8c5076bd4ea5f15f6c6e57ded004c71f78db3eb32c9e5937e7c80
• Instruction ID: adbd0471ee7338062a73e1224686eb200567d000a6a59a467136d1c89dfd8221
• Opcode Fuzzy Hash: f8c720a691b8c5076bd4ea5f15f6c6e57ded004c71f78db3eb32c9e5937e7c80
• Instruction Fuzzy Hash: 1151F2A07047E13EFB3742349845BBBBFE99B06304F48848AE5D5455C3C79CAC94D7A9
APIs
• GetParent.USER32(00000000), ref: 0042AD19
• GetKeyboardState.USER32(?), ref: 0042AD2E
• SetKeyboardState.USER32(?), ref: 0042AD8F
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0042ADBB
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0042ADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0042AE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0042AE38
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: 612cd0ed9e4218a95ed2096ab2807b04072378a1306ccf1271e624a793cdd775
• Instruction ID: 0a551b861ad9b1bd79d740023a572251006e001bf7384c692964a04d935e7980
• Opcode Fuzzy Hash: 612cd0ed9e4218a95ed2096ab2807b04072378a1306ccf1271e624a793cdd775
• Instruction Fuzzy Hash: 5B5128A07547E13EFB328334AC45B7BBE995B05300F48848AE5D5469C3D39CECA9D36A
APIs
• GetConsoleCP.KERNEL32(00403CD6,?,?,?,?,?,?,?,?,003F5BA3,?,?,00403CD6,?,?), ref: 003F5470
• __fassign.LIBCMT ref: 003F54EB
• __fassign.LIBCMT ref: 003F5506
• WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00403CD6,00000005,00000000,00000000), ref: 003F552C
• WriteFile.KERNEL32(?,00403CD6,00000000,003F5BA3,00000000,?,?,?,?,?,?,?,?,?,003F5BA3,?), ref: 003F554B
• WriteFile.KERNEL32(?,?,00000001,003F5BA3,00000000,?,?,?,?,?,?,?,?,?,003F5BA3,?), ref: 003F5584
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 50f855548d12f342c08f80353dd624734cb5698a7d76b8a5f3bdc94f815beefa
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6b37036efdafaddbb8535c0b8e7e5cb2948ec3ae65bc13717193528969d730e9
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 50f855548d12f342c08f80353dd624734cb5698a7d76b8a5f3bdc94f815beefa
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DC51A3719007499FDB11CFA8D885AEEBBF9EF09300F14412AE656E7291D770DA41CB64
APIs
  • Part of subcall function 0044304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0044307A
  • Part of subcall function 0044304E: _wcslen.LIBCMT ref: 0044309B
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00441112
• WSAGetLastError.WSOCK32 ref: 00441121
• WSAGetLastError.WSOCK32 ref: 004411C9
• closesocket.WSOCK32(00000000), ref: 004411F9
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
• String ID:
• API String ID: 2675159561-0
• Opcode ID: 34364c4ec56b21ad74c3976a4521c3a11db6e5cf096b656767fe163c5b4288d7
• Instruction ID: d35864707a6dd4a3fc40a3c7b12bf4ce3d8d91c6ad8f1496de8e15f9ae8bd738
• Opcode Fuzzy Hash: 34364c4ec56b21ad74c3976a4521c3a11db6e5cf096b656767fe163c5b4288d7
• Instruction Fuzzy Hash: 2141E931600204AFEB109F14C885BAAB7E9EF49355F14805AFD159B392D774ED81CBE5
APIs
  • Part of subcall function 0042DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0042CF22,?), ref: 0042DDFD
  • Part of subcall function 0042DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0042CF22,?), ref: 0042DE16
• lstrcmpiW.KERNEL32(?,?), ref: 0042CF45
• MoveFileW.KERNEL32(?,?), ref: 0042CF7F
• _wcslen.LIBCMT ref: 0042D005
• _wcslen.LIBCMT ref: 0042D01B
• SHFileOperationW.SHELL32(?), ref: 0042D061
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \*.*
• API String ID: 3164238972-1173974218
• Opcode ID: db648ef9551e5f1ba3f0f5a957d87d6764310922f33f199ed2c7405fae3dd36a
• Instruction ID: aa9a77f0e0f39288acc21538b1d7b9aa1604242b820da928c428d52c0fc06956
• Opcode Fuzzy Hash: db648ef9551e5f1ba3f0f5a957d87d6764310922f33f199ed2c7405fae3dd36a
• Instruction Fuzzy Hash: AB415771D452285EDF12EBA4DA81ADE77B8AF08340F5100E7E545EB182EB38A644CB54
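The function records above are emitted by the Joe Sandbox IDA plugin as flat text: a bulleted call list (with "Part of subcall function" entries for calls the analyzer attributed to a callee), then the dump source, then the similarity identifiers. When working through a long report it is handy to turn these into structured records so that call chains, repeat counts and statically resolved arguments can be filtered rather than read one by one. The parser below is an added example written for this page; it is not Joe Security code and it assumes only the line layout visible here (bullet, optional subcall prefix, API.MODULE, optional argument list, "ref: ADDRESS"). The sample input is constructed from the second and third records on this page. The constant names it applies to socket() (AF_INET = 2, SOCK_STREAM = 1, IPPROTO_TCP = 6) are the standard Winsock values, so socket(00000002,00000001,00000006,...) in the second record is the creation of a TCP/IPv4 socket, and the inet_addr call in its subcall shows the target address arriving as a dotted-quad string.

```python
"""Parse Joe Sandbox IDA-plugin function listings into structured records.

Added example (editor-written, not part of the Joe Sandbox report or any
Joe Security tooling). It assumes the plain-text line layout shown on this
page and nothing else about the report format.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: two records in the shape used on this page.
SAMPLE_LISTING = """\
APIs
  • Part of subcall function 0044304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0044307A
  • Part of subcall function 0044304E: _wcslen.LIBCMT ref: 0044309B
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00441112
• WSAGetLastError.WSOCK32 ref: 00441121
• WSAGetLastError.WSOCK32 ref: 004411C9
• closesocket.WSOCK32(00000000), ref: 004411F9
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
Similarity
• API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
• String ID:
• API String ID: 2675159561-0
APIs
• lstrcmpiW.KERNEL32(?,?), ref: 0042CF45
• MoveFileW.KERNEL32(?,?), ref: 0042CF7F
• SHFileOperationW.SHELL32(?), ref: 0042D061
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \\*.*
"""

# One call line: optional subcall prefix, API.MODULE, optional (args), "ref: ADDR".
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<subcall>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
FIELD_LINE = re.compile(r"^\s*•\s*(?P<key>API ID|String ID|API String ID|Source File):\s*(?P<value>.*?)\s*$")
FIELD_ATTR = {"API ID": "api_id", "String ID": "string_id", "API String ID": "api_string_id", "Source File": "source_file"}

# Standard Winsock constants for the first three socket() arguments.
ADDRESS_FAMILIES = {2: "AF_INET", 23: "AF_INET6"}
SOCKET_TYPES = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
PROTOCOLS = {6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]          # raw hex words as printed; "?" = not resolved statically
    ref: str                 # address of the call site
    subcall: Optional[str] = None  # callee address when the call sits in a subcall


@dataclass
class FunctionRecord:
    calls: List[ApiCall] = field(default_factory=list)
    api_id: str = ""
    string_id: str = ""
    api_string_id: str = ""
    source_file: str = ""


def parse_listing(text: str) -> List[FunctionRecord]:
    """Split the listing at each 'APIs' header and collect calls and fields per record."""
    records: List[FunctionRecord] = []
    current: Optional[FunctionRecord] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None:
            continue
        m = API_LINE.match(line)
        if m:
            raw = m.group("args")
            args = [a.strip() for a in raw.split(",")] if raw is not None else []
            current.calls.append(ApiCall(m.group("api"), m.group("module"), args, m.group("ref").upper(), m.group("subcall")))
            continue
        f = FIELD_LINE.match(line)
        if f:
            setattr(current, FIELD_ATTR[f.group("key")], f.group("value"))
    return records


def call_chain(record: FunctionRecord, module: Optional[str] = None) -> List[str]:
    """API names in listing order, optionally restricted to one import module (e.g. WSOCK32)."""
    return [c.api for c in record.calls if module is None or c.module == module]


def api_counts(record: FunctionRecord) -> Counter:
    return Counter(c.api for c in record.calls)


def decode_socket_args(call: ApiCall):
    """Name the (af, type, protocol) triple of a socket() call; unknown values stay as hex."""
    if call.api != "socket" or len(call.args) < 3:
        return None

    def name(table, raw):
        if raw == "?":
            return "?"
        value = int(raw, 16)
        return table.get(value, f"0x{value:X}")
    return (name(ADDRESS_FAMILIES, call.args[0]), name(SOCKET_TYPES, call.args[1]), name(PROTOCOLS, call.args[2]))


if __name__ == "__main__":
    for i, rec in enumerate(parse_listing(SAMPLE_LISTING), 1):
        print(f"[{i}] " + " -> ".join(call_chain(rec)))
        for c in rec.calls:
            decoded = decode_socket_args(c)
            if decoded:
                print(f"    socket() at {c.ref}: af={decoded[0]} type={decoded[1]} proto={decoded[2]}")
        if rec.string_id:
            print(f"    string: {rec.string_id}")
```

Pointing the parser at a whole report lets you ask the questions that matter during triage: which records touch WSOCK32 at all, which create TCP sockets with resolved arguments, and which combine file moves with the "\*.*" wildcard (the third record above pairs MoveFileW with SHFileOperationW, the pattern behind a recursive move or delete). Argument words printed as "?" were not resolvable by static analysis and should not be treated as values.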
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00452E1C
• GetWindowLongW.USER32(?,000000F0), ref: 00452E4F
• GetWindowLongW.USER32(?,000000F0), ref: 00452E84
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00452EB6
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00452EE0
• GetWindowLongW.USER32(?,000000F0), ref: 00452EF1
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00452F0B
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2178440468-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c20ab7f9c9c8f06680d387585dd42d3cc0fbff788e8269371177d453112fd4e4
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1f8fd52df8fdc990afca85fd3cb9518bc3bf33eda68b7ee3c5650b86370c3cf6
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c20ab7f9c9c8f06680d387585dd42d3cc0fbff788e8269371177d453112fd4e4
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 87311331604251AFDB21CF58ED86F6637E0EB9A712F140176F9009F2B2CBB5E944DB09
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00427769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0042778F
• SysAllocString.OLEAUT32(00000000), ref: 00427792
• SysAllocString.OLEAUT32(?), ref: 004277B0
• SysFreeString.OLEAUT32(?), ref: 004277B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 004277DE
• SysAllocString.OLEAUT32(?), ref: 004277EC
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: b1e23b16f87a6e9feb9e17ad2df0aeebc583d03d713bd870c832067c5aaab7a9
• Instruction ID: b5c4e54ea9498c220bd3481b54d82bfe360453a67da3a0753f0b5d1d0e4c7ff6
• Opcode Fuzzy Hash: b1e23b16f87a6e9feb9e17ad2df0aeebc583d03d713bd870c832067c5aaab7a9
• Instruction Fuzzy Hash: 8821B276604329AFDB10EFA8EC88CBB77ACEB493647408036F905DB251D674EC41CB68
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00427842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00427868
• SysAllocString.OLEAUT32(00000000), ref: 0042786B
• SysAllocString.OLEAUT32 ref: 0042788C
• SysFreeString.OLEAUT32 ref: 00427895
• StringFromGUID2.OLE32(?,?,00000028), ref: 004278AF
• SysAllocString.OLEAUT32(?), ref: 004278BD
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: d4db6658f101105ebfb0a0e48569daa27da0e4207d8a99b2658671f8816e6fea
• Instruction ID: 0636e58dd36bbfa2a64f39fc935645fd5e0a6a7c46c10155607dd7bbb041638e
• Opcode Fuzzy Hash: d4db6658f101105ebfb0a0e48569daa27da0e4207d8a99b2658671f8816e6fea
• Instruction Fuzzy Hash: D8217435704224AFDB10AFA9ECC8DAB77ECEF097607508126F915CB2A1D674DC45CB68
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 004304F2
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0043052E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: 0c4a41673afce055c69c84125ce80d2ba803ccc6707eaa9e0f47e7c2885c3a65
• Instruction ID: 848bfa756e34d756c4fabd01336ab0c3147c884f7dcaefcc579e48eedab30f3e
• Opcode Fuzzy Hash: 0c4a41673afce055c69c84125ce80d2ba803ccc6707eaa9e0f47e7c2885c3a65
• Instruction Fuzzy Hash: D4216B75900305AFDB209F29DC54A9A7BA4AF48724F204B2AF8A1D62E0D774D940CF28
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 004305C6
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00430601
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: faff5fce8a5b808eda29b1c829046fd7d7db9a876ccb326b6c5d3f4cd9b9262a
• Instruction ID: 09bd5a427b25c01e64a5e23a341a69a4d87c588852493b27edd17f64937671de
• Opcode Fuzzy Hash: faff5fce8a5b808eda29b1c829046fd7d7db9a876ccb326b6c5d3f4cd9b9262a
• Instruction Fuzzy Hash: 7921A135500305AFDB209F69CC55A9B77E8BF89B20F200B1AF8A1E72E4D7749860CB18
APIs
  • Part of subcall function 003C600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 003C604C
  • Part of subcall function 003C600E: GetStockObject.GDI32(00000011), ref: 003C6060
  • Part of subcall function 003C600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 003C606A
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00454112
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0045411F
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0045412A
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00454139
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00454145
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
• Opcode ID: 2c8db99e8ae3d41d645ed7a7fa7111b70cf87ed33b56b9638d0d67858a1e1dcb
• Instruction ID: db4df97269f256cfb8a821e60e817f3f76bd8bd46736e3fa0882d02e54164589
• Opcode Fuzzy Hash: 2c8db99e8ae3d41d645ed7a7fa7111b70cf87ed33b56b9638d0d67858a1e1dcb
• Instruction Fuzzy Hash: 7911E6B11402197EEF119F64CC85EE77F5DEF08798F104111FA18A6150C776DC61DBA4
APIs
  • Part of subcall function 003FD7A3: _free.LIBCMT ref: 003FD7CC
• _free.LIBCMT ref: 003FD82D
  • Part of subcall function 003F29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,003FD7D1,00000000,00000000,00000000,00000000,?,003FD7F8,00000000,00000007,00000000,?,003FDBF5,00000000), ref: 003F29DE
  • Part of subcall function 003F29C8: GetLastError.KERNEL32(00000000,?,003FD7D1,00000000,00000000,00000000,00000000,?,003FD7F8,00000000,00000007,00000000,?,003FDBF5,00000000,00000000), ref: 003F29F0
• _free.LIBCMT ref: 003FD838
• _free.LIBCMT ref: 003FD843
• _free.LIBCMT ref: 003FD897
• _free.LIBCMT ref: 003FD8A2
• _free.LIBCMT ref: 003FD8AD
• _free.LIBCMT ref: 003FD8B8
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction ID: f56d47b54762d00f076d4df3e8209037f10842f2303ff5f2ee97015daef1ffa7
• Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction Fuzzy Hash: 7E112171580B0CEAD523BFB0CC4BFEB7BDD6F05700F404825B399AE4A2DB66B5194650
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0042DA74
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000), ref: 0042DA7B
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0042DA91
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000), ref: 0042DA98
                                                                                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0042DADC
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      • %s (%d) : ==> %s: %s %s, xrefs: 0042DAB9
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                                                                                                      • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0c7fca70ccda6148753649fda6bc583e07f66b31a9f647f77525675a135c4919
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 08694399e1bde986b731adeb4277caace0ea61fed58fe5a0e9fb2fba2fd4d5d9
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0c7fca70ccda6148753649fda6bc583e07f66b31a9f647f77525675a135c4919
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BC0167F29003187FE71197A09DC9EEB366CE708706F404466B705E2042EA749E848F78
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(0152E8A0,0152E8A0), ref: 0043097B
                                                                                                                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0152E880,00000000), ref: 0043098D
                                                                                                                                                                                                                                                                                                                                                      • TerminateThread.KERNEL32(?,000001F6), ref: 0043099B
                                                                                                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000003E8), ref: 004309A9
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 004309B8
                                                                                                                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(0152E8A0,000001F6), ref: 004309C8
                                                                                                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(0152E880), ref: 004309CF
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0d188220de1c899720dd417c098eebb166222562a4831c0fb1c856437fe4ed5d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 427973373447b668ff7a4a06904bca77cf300fd9c4b68ead8c4b91967b8ed7db
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d188220de1c899720dd417c098eebb166222562a4831c0fb1c856437fe4ed5d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CEF01D71442B02AFD7415B94EEC8BDA7A25FF05702F402126F102508A2CB74D465CF98
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00441DC0
                                                                                                                                                                                                                                                                                                                                                      • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00441DE1
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00441DF2
                                                                                                                                                                                                                                                                                                                                                      • htons.WSOCK32(?,?,?,?,?), ref: 00441EDB
                                                                                                                                                                                                                                                                                                                                                      • inet_ntoa.WSOCK32(?), ref: 00441E8C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 004239E8: _strlen.LIBCMT ref: 004239F2
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00443224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0043EC0C), ref: 00443240
                                                                                                                                                                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00441F35
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 27582d47fe3c606b477e0486b796d7b81e037ad752decf3ddd9dda7045635c4c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3d923def19b294f55b82d128977747782cdee5cd136bf712b5fc3bb02a6a2cc7
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 27582d47fe3c606b477e0486b796d7b81e037ad752decf3ddd9dda7045635c4c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B0B1DE71204340AFD324DF24C885F2ABBA5AF84318F54894EF4569F3A2CB35ED86CB95
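The blocks above are the sandbox's per-function API listings, and two details in them are easy to miss when read by hand: the report lists call sites out of address order (in the socket block, htons at 00441EDB is printed before inet_ntoa at 00441E8C), and the `#17.WSOCK32` entry is an import by ordinal, which the sandbox could not name. Ordinal 17 in wsock32.dll is recvfrom, so together with __WSAFDIsSet (the FD_ISSET macro), inet_ntoa and htons this is a select-then-recvfrom datagram receive path. The Python below is an added example, not part of the Joe Sandbox report and not Joe Sandbox code: it parses blocks in this listing format into one record per function, resolves Winsock ordinals from a table of the classic exports, and returns each function's calls in call-site order. The sample text is constructed from lines copied out of the blocks above; the section names, regular expressions and the ordinal table are the author's own assumptions about the format.

```python
import re

# Added example, not Joe Sandbox code. Regexes, section names and the
# ordinal table are the author's assumptions about the report format.

# Classic Winsock export ordinals (shared by wsock32.dll and ws2_32.dll).
# Only entries the author is certain of; anything else stays as "#N".
WSOCK_ORDINALS = {
    1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 8: "htonl",
    9: "htons", 10: "inet_addr", 11: "inet_ntoa", 12: "ioctlsocket",
    13: "listen", 16: "recv", 17: "recvfrom", 18: "select", 19: "send",
    20: "sendto", 21: "setsockopt", 22: "shutdown", 23: "socket",
}
SECTIONS = ("APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity")

# "• Name.MODULE(args), ref: ADDR" or "• Name.MODULE ref: ADDR", optionally
# prefixed with "Part of subcall function ADDR:" for calls made by a callee.
API_RE = re.compile(
    r"^\s*•\s+(?:Part of subcall function (?P<sub>[0-9A-F]+):\s+)?"
    r"(?P<name>[^\s.(]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\),)?\s+ref:\s+(?P<ref>[0-9A-F]+)\s*$"
)
STRING_RE = re.compile(r"^\s*•\s+(?P<text>.*),\s+xrefs:\s+(?P<ref>[0-9A-F]+)\s*$")
APIID_RE = re.compile(r"^\s*•\s+API ID:\s*(?P<id>\S*)\s*$")

# Constructed sample: lines copied from the three function blocks above.
SAMPLE = """\
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0042DA74
• LoadStringW.USER32(00000000), ref: 0042DA7B
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 0042DADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 0042DAB9
Similarity
• API ID: HandleLoadModuleString$Message
APIs
• InterlockedExchange.KERNEL32(0152E8A0,0152E8A0), ref: 0043097B
• EnterCriticalSection.KERNEL32(0152E880,00000000), ref: 0043098D
• TerminateThread.KERNEL32(?,000001F6), ref: 0043099B
• WaitForSingleObject.KERNEL32(?,000003E8), ref: 004309A9
• CloseHandle.KERNEL32(?), ref: 004309B8
• InterlockedExchange.KERNEL32(0152E8A0,000001F6), ref: 004309C8
• LeaveCriticalSection.KERNEL32(0152E880), ref: 004309CF
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
APIs
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00441DC0
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00441DE1
• WSAGetLastError.WSOCK32 ref: 00441DF2
• htons.WSOCK32(?,?,?,?,?), ref: 00441EDB
• inet_ntoa.WSOCK32(?), ref: 00441E8C
  • Part of subcall function 004239E8: _strlen.LIBCMT ref: 004239F2
  • Part of subcall function 00443224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0043EC0C), ref: 00443240
• _strlen.LIBCMT ref: 00441F35
Similarity
• API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
"""


def resolve_ordinal(module, name):
    """Turn a '#N' ordinal import in WSOCK32/WS2_32 into its export name."""
    if name.startswith("#") and module.upper() in ("WSOCK32", "WS2_32"):
        return WSOCK_ORDINALS.get(int(name[1:]), name)
    return name


def parse_report(text):
    """One record per function; a record starts at each 'APIs' heading."""
    records, cur, section = [], None, None
    for line in text.splitlines():
        head = line.strip()
        if head in SECTIONS:
            if head == "APIs":
                cur = {"apis": [], "strings": [], "api_id": None}
                records.append(cur)
            section = head
            continue
        if cur is None:
            continue
        if section == "APIs" and (m := API_RE.match(line)):
            cur["apis"].append({
                "name": resolve_ordinal(m["module"], m["name"]),
                "module": m["module"],
                "args": m["args"].split(",") if m["args"] else [],  # "?" = unknown
                "ref": m["ref"],
                "subcall": m["sub"],  # callee address, None for a direct call
            })
        elif section == "Strings" and (m := STRING_RE.match(line)):
            cur["strings"].append((m["text"], m["ref"]))
        elif section == "Similarity" and (m := APIID_RE.match(line)):
            cur["api_id"] = m["id"]
    return records


def entry_address(record):
    """Lowest call-site address among the function's own (non-subcall) calls."""
    refs = [c["ref"] for c in record["apis"] if c["subcall"] is None]
    return min(refs, key=lambda r: int(r, 16)) if refs else None


def api_sequence(record, own_only=True):
    """API names in call-site address order; the report lists them unordered."""
    calls = [c for c in record["apis"] if not (own_only and c["subcall"])]
    return [c["name"] for c in sorted(calls, key=lambda c: int(c["ref"], 16))]


if __name__ == "__main__":
    for rec in parse_report(SAMPLE):
        print(entry_address(rec), api_sequence(rec), rec["api_id"])
```

Sorting by `ref` recovers the order the calls actually occur in the function body, which is what a reviewer wants when judging a chain such as TerminateThread followed by a one-second WaitForSingleObject (000003E8) and CloseHandle. Calls marked "Part of subcall function" are attributed to the callee and excluded by default so that the sequence reflects the function itself; pass `own_only=False` to fold them in.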
APIs
• __allrem.LIBCMT ref: 003F00BA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003F00D6
• __allrem.LIBCMT ref: 003F00ED
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003F010B
• __allrem.LIBCMT ref: 003F0122
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003F0140
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b3d76673a39f61cb81dae04925355bae84dc6ede8cbbdf38f44b7627426e5320
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 11811775600B0A9FE7269F2DCC41B7AB3A8AF41724F25463AF610DA6C2EBB0D9008750
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,003E82D9,003E82D9,?,?,?,003F644F,00000001,00000001,8BE85006), ref: 003F6258
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,003F644F,00000001,00000001,8BE85006,?,?,?), ref: 003F62DE
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 003F63D8
                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 003F63E5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003F3820: RtlAllocateHeap.NTDLL(00000000,?,00491444,?,003DFDF5,?,?,003CA976,00000010,00491440,003C13FC,?,003C13C6,?,003C1129), ref: 003F3852
                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 003F63EE
                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 003F6413
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3043cbf01909bfd9997c366267ff18e67e73d3050ca890da61bef2a7b66fa98a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 741d59a624f3a48276b6144645839c40c5e2d6a568333d2e22dad4874421b4ff
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3043cbf01909bfd9997c366267ff18e67e73d3050ca890da61bef2a7b66fa98a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2D51037260021AAFDB278F64CC82EBF77A9EB55710F16462AFE05DB150DB38DC44C660
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C9CB3: _wcslen.LIBCMT ref: 003C9CBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0044C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0044B6AE,?,?), ref: 0044C9B5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0044C998: _wcslen.LIBCMT ref: 0044C9F1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0044C998: _wcslen.LIBCMT ref: 0044CA68
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0044C998: _wcslen.LIBCMT ref: 0044CA9E
                                                                                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0044BCCA
                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0044BD25
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0044BD6A
                                                                                                                                                                                                                                                                                                                                                      • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0044BD99
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0044BDF3
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0044BDFF
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 91078e956c015f2cdfd89595c676473f79204fff2fedb60319dc030e30ff3abf
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 55f1f0eed07a94d37cac7985fd6e1a351d69462e521788c766365631b5edbbb7
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 91078e956c015f2cdfd89595c676473f79204fff2fedb60319dc030e30ff3abf
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 82818D71108341AFD715DF24C885E2ABBE5FF84308F14859EF4598B2A2DB35ED45CB92
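The function entry above (call sites 0044BCCA through 0044BDFF) is the one registry-touching routine in this part of the report: it chains RegConnectRegistryW, RegOpenKeyExW and RegEnumValueW, which is a registry enumeration that can also target a remote machine. Two caveats matter when triaging such entries. First, the listings come from the IDA plugin's static cross-references, so a listed API is a capability of the code, not proof that the sample executed it. Second, the sample is flagged as a compiled AutoIt script, and a compiled AutoIt binary carries the whole interpreter, so this routine is likely the runtime's own registry support rather than script logic. The following Python is an added example, not Joe Sandbox code: it parses the report's bullet format into records, separates direct calls from "Part of subcall" attributions, and flags the registry capability. The record and flag names are this example's own choices; the sample block is the "APIs" list copied from the entry above.

```python
"""Parse the per-function "APIs" bullets of a Joe Sandbox disassembly report
into records and flag registry-enumeration capability.

Added example for this page; not Joe Sandbox code.  Record and flag names
are this example's own choices."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# One bullet of an "APIs" list.  Two shapes occur on the page:
#   • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0044BD25
#   • Part of subcall function 0044C998: _wcslen.LIBCMT ref: 0044C9F1
# Decorated names may contain '$', '?' and '@', so the name class only
# excludes '.', '(' and whitespace.
API_LINE = re.compile(
    r"""^\s*(?:•\s*)?
        (?:Part\ of\ subcall\ function\ (?P<sub>[0-9A-Fa-f]+):\s*)?
        (?P<name>[^.(\s]+)\.(?P<module>[A-Za-z0-9_]+)
        (?:\((?P<args>[^)]*)\))?
        ,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$""",
    re.VERBOSE,
)


@dataclass(frozen=True)
class ApiCall:
    name: str
    module: str
    args: tuple             # raw argument tokens; '?' means unresolved
    ref: int                # address of the call site
    subcall: Optional[int]  # callee address when listed as "Part of subcall"


def parse_apis(text: str) -> list:
    """Return the API bullets of one function entry, in report order.
    Non-bullet lines (the 'APIs' header, blanks) are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] else ()
        sub = int(m["sub"], 16) if m["sub"] else None
        calls.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16), sub))
    return calls


def direct_counts(calls: list) -> Counter:
    """Count calls made by the function itself, excluding subcall attributions."""
    return Counter(c.name for c in calls if c.subcall is None)


# Only direct calls are considered: a "Part of subcall" line attributes
# behaviour to a callee, which may be shared runtime code.
REMOTE_REGISTRY = {"RegConnectRegistryW", "RegConnectRegistryA"}
REGISTRY_ENUM = {"RegEnumValueW", "RegEnumValueA", "RegEnumKeyExW", "RegEnumKeyExA"}


def registry_flags(calls: list) -> list:
    """Capability flags derived from the direct API set (static, not proof of execution)."""
    names = set(direct_counts(calls))
    flags = []
    if names & REMOTE_REGISTRY:
        flags.append("remote-registry-capable")
    if names & REGISTRY_ENUM:
        flags.append("registry-enumeration")
    return flags


# "APIs" block of the function at 0044BCCA..0044BDFF, copied from this page.
SAMPLE_REGISTRY_APIS = """\
APIs
  • Part of subcall function 003C9CB3: _wcslen.LIBCMT ref: 003C9CBD
  • Part of subcall function 0044C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0044B6AE,?,?), ref: 0044C9B5
  • Part of subcall function 0044C998: _wcslen.LIBCMT ref: 0044C9F1
  • Part of subcall function 0044C998: _wcslen.LIBCMT ref: 0044CA68
  • Part of subcall function 0044C998: _wcslen.LIBCMT ref: 0044CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0044BCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0044BD25
• RegCloseKey.ADVAPI32(00000000), ref: 0044BD6A
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0044BD99
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 0044BDF3
• RegCloseKey.ADVAPI32(?), ref: 0044BDFF
"""

if __name__ == "__main__":
    calls = parse_apis(SAMPLE_REGISTRY_APIS)
    for c in calls:
        via = f" (via {c.subcall:08X})" if c.subcall else ""
        print(f"{c.ref:08X} {c.name}.{c.module}{via}")
    print("flags:", registry_flags(calls))
```

The same parser accepts the decorated CRT names in the earlier entries (for example `__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003F00D6`), so it can be run over every function entry of the report to build a per-function API set for further triage.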
APIs
• VariantInit.OLEAUT32(00000035), ref: 0041F7B9
• SysAllocString.OLEAUT32(00000001), ref: 0041F860
• VariantCopy.OLEAUT32(0041FA64,00000000), ref: 0041F889
• VariantClear.OLEAUT32(0041FA64), ref: 0041F8AD
• VariantCopy.OLEAUT32(0041FA64,00000000), ref: 0041F8B1
• VariantClear.OLEAUT32(?), ref: 0041F8BB
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 77b0d3d997fafa86c70de2e4a47fd9fe375ac2ba7676baadb076c692172b3ec0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d3f90e1884d2995fe760638bf695d9e214a14ddd707a9a51dedd2eb4b9516e53
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 77b0d3d997fafa86c70de2e4a47fd9fe375ac2ba7676baadb076c692172b3ec0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EA51F971510310FACF10BB65D895BA9B3A4EF45310F14446BE806DF292DB788C86CBAF
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C7620: _wcslen.LIBCMT ref: 003C7625
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C6B57: _wcslen.LIBCMT ref: 003C6B6A
                                                                                                                                                                                                                                                                                                                                                      • GetOpenFileNameW.COMDLG32(00000058), ref: 004394E5
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00439506
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0043952D
                                                                                                                                                                                                                                                                                                                                                      • GetSaveFileNameW.COMDLG32(00000058), ref: 00439585
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                                                                                                      • String ID: X
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: bbb9cec7e3267c64f5f15c97053e9424dbc3021d2709788f953f176b3e52b53e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1bec66071f7bbfd1978220ac23be5f2815656537a7a33bf0c4ba956b68b705e8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bbb9cec7e3267c64f5f15c97053e9424dbc3021d2709788f953f176b3e52b53e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 09E19F716083409FC715DF24C881F6AB7E0BF89314F04896EE8899B3A2DB75ED45CB96
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003D9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 003D9BB2
                                                                                                                                                                                                                                                                                                                                                      • BeginPaint.USER32(?,?,?), ref: 003D9241
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 003D92A5
                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 003D92C2
                                                                                                                                                                                                                                                                                                                                                      • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 003D92D3
                                                                                                                                                                                                                                                                                                                                                      • EndPaint.USER32(?,?,?,?,?), ref: 003D9321
                                                                                                                                                                                                                                                                                                                                                      • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 004171EA
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003D9339: BeginPath.GDI32(00000000), ref: 003D9357
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3050599898-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a6c04d2654e99f891416d906c44e39ab0dae0af4056914f75f30852ead4d3a60
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e1b79e58e78feec60f4684a5adfbb5a48b27e6c9cf8585690a6a54336793a0a9
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a6c04d2654e99f891416d906c44e39ab0dae0af4056914f75f30852ead4d3a60
• Instruction Fuzzy Hash: B841AD71104301AFD712DF24DC84FAA7BB8EB59721F14063BF9948B2B2C7319845DB65
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 0043080C
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00430847
• EnterCriticalSection.KERNEL32(?), ref: 00430863
• LeaveCriticalSection.KERNEL32(?), ref: 004308DC
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 004308F3
• InterlockedExchange.KERNEL32(?,000001F6), ref: 00430921
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
• String ID:
• API String ID: 3368777196-0
• Opcode ID: 7b20b2dbada3d221744615cf47d8020b486b578dfde1dee2002ebc1831567dbf
• Instruction ID: e553f70f2c147209bd7284c8071f0641ddcf61702793e80ab7b6dadd7cff316c
• Opcode Fuzzy Hash: 7b20b2dbada3d221744615cf47d8020b486b578dfde1dee2002ebc1831567dbf
• Instruction Fuzzy Hash: 87414771900205AFDF15AF54DC85A6AB7B8FF08300F1441BAE9059E297DB34DE64DBA8
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0041F3AB,00000000,?,?,00000000,?,0041682C,00000004,00000000,00000000), ref: 0045824C
• EnableWindow.USER32(?,00000000), ref: 00458272
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 004582D1
• ShowWindow.USER32(?,00000004), ref: 004582E5
• EnableWindow.USER32(?,00000001), ref: 0045830B
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0045832F
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: d60ba009cae323ac9b1d8cb51b6644bc2bfd13f337311d7d03aa4f3ef210f96e
• Instruction ID: 87bb273c2e4a9b78960cdd7b9fcbbb25bf3f3a20dd6b6e51e5451f0fe3f64de1
• Opcode Fuzzy Hash: d60ba009cae323ac9b1d8cb51b6644bc2bfd13f337311d7d03aa4f3ef210f96e
• Instruction Fuzzy Hash: 4D419330601645AFDB12CF15C895BA57BE0BB09716F1841BEFD089B273CF36A849CB58
APIs
• IsWindowVisible.USER32(?), ref: 00424C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00424CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00424CEA
• _wcslen.LIBCMT ref: 00424D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00424D10
• _wcsstr.LIBVCRUNTIME ref: 00424D1A
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
• String ID:
• API String ID: 72514467-0
• Opcode ID: 06b596acc18d990c8517048b0102666bceafcc83c752efc920a224870962f699
• Instruction ID: 76f2c724722d27d1d1eb0c2521ad23c2b926f6b1f0ffc7beffa56fc759efc6a4
• Opcode Fuzzy Hash: 06b596acc18d990c8517048b0102666bceafcc83c752efc920a224870962f699
• Instruction Fuzzy Hash: A121D7323042207FEB165B3ABC49E7B7B9CDF85750F50403AF805CE292DA65DD0196A4
APIs
• Part of subcall function 003C3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,003C3A97,?,?,003C2E7F,?,?,?,00000000), ref: 003C3AC2
• _wcslen.LIBCMT ref: 0043587B
• CoInitialize.OLE32(00000000), ref: 00435995
• CoCreateInstance.OLE32(0045FCF8,00000000,00000001,0045FB68,?), ref: 004359AE
• CoUninitialize.OLE32 ref: 004359CC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4c6f1d4a18765b0e4aae4f249020cb4a1a813ddea6398292e7b86d8ea196273a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 85eacac38c5903681dff6b1a03097f5a5a510a8ffcfeeadbe28b4be873d6ae56
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4c6f1d4a18765b0e4aae4f249020cb4a1a813ddea6398292e7b86d8ea196273a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 63D151716087019FC714EF24C480A2ABBE1FF89714F14895EF88A9B361DB36ED45CB96
APIs
  • Part of subcall function 00420FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00420FCA
  • Part of subcall function 00420FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00420FD6
  • Part of subcall function 00420FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00420FE5
  • Part of subcall function 00420FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00420FEC
  • Part of subcall function 00420FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00421002
• GetLengthSid.ADVAPI32(?,00000000,00421335), ref: 004217AE
• GetProcessHeap.KERNEL32(00000008,00000000), ref: 004217BA
• HeapAlloc.KERNEL32(00000000), ref: 004217C1
• CopySid.ADVAPI32(00000000,00000000,?), ref: 004217DA
• GetProcessHeap.KERNEL32(00000000,00000000,00421335), ref: 004217EE
• HeapFree.KERNEL32(00000000), ref: 004217F5
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
• String ID:
• API String ID: 3008561057-0
• Opcode ID: 33c74de873e918d0e7372cf7baa636171ba8d335c61f828d35e8b3e330166d99
• Instruction ID: 298008354b9ce9fcfe992f605c4fc0d7fe8fc0c949e48ea1fe5bf0475cde37c6
• Opcode Fuzzy Hash: 33c74de873e918d0e7372cf7baa636171ba8d335c61f828d35e8b3e330166d99
• Instruction Fuzzy Hash: DC11B131600715FFDB109FA4DC89BAFBBE9EB95356F50402AF44197222C739E940CB68
APIs
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 004214FF
• OpenProcessToken.ADVAPI32(00000000), ref: 00421506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00421515
• CloseHandle.KERNEL32(00000004), ref: 00421520
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0042154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 00421563
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
• String ID:
• API String ID: 1413079979-0
• Opcode ID: 0418c7a85d2cb0a6f2afb0f365493bd13f5d3758b7cc0f75f13b7bf1136b9a09
• Instruction ID: ccac151368c23fb5b9ec905f9bdfbc55ea1e773237096765f9599a98cd5d4738
• Opcode Fuzzy Hash: 0418c7a85d2cb0a6f2afb0f365493bd13f5d3758b7cc0f75f13b7bf1136b9a09
• Instruction Fuzzy Hash: 8611477260020DAFDB119F98EE89BDA7BA9EB48745F044065FA05A2161C375CEA0DB64
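The two records above (the SID-copy routine whose call sites run from 004217AE to 004217F5 and the CreateProcessWithLogonW routine from 004214FF to 00421563) list only the raw API chains from which signatures such as "Contains functionality to launch a process as a different user" are derived. The following Python is an added example, not part of the Joe Sandbox report and not the sandbox's own signature logic: it parses bullets in exactly the format printed in these records and matches each function's call list against a small set of ordered call-chain rules. The rule labels, the CRT noise filter and the TokenInformationClass lookup table are this example's own assumptions (the class values come from winnt.h); the sample input is a subset of the bullets copied from the records above and from the vcrt error-handling record that follows.

```python
"""Added example: parse Joe Sandbox 'APIs' bullets and map call chains to capabilities."""
from __future__ import annotations
import re
from dataclasses import dataclass

# One report bullet, e.g.
#   • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 004214FF
#   • Part of subcall function 00420FB4: GetTokenInformation.ADVAPI32(?,00000002,...), ref: 00420FCA
#   • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 003E339E   (no argument list)
_API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")

# TOKEN_INFORMATION_CLASS values from winnt.h (the common ones; assumption: partial table).
TOKEN_INFO_CLASS = {1: "TokenUser", 2: "TokenGroups", 3: "TokenPrivileges",
                    4: "TokenOwner", 5: "TokenPrimaryGroup", 20: "TokenElevation"}

@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: tuple[str, ...]   # immediates as printed ('00000002') or '?' when unresolved
    ref: int                # call-site address
    subcall: int | None     # callee address when the bullet came from a subcall

def parse_api_lines(text: str) -> list[ApiCall]:
    """Return the API bullets in report order; lines that are not bullets are ignored."""
    calls = []
    for line in text.splitlines():
        m = _API_LINE.match(line)
        if m:
            args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] else ()
            calls.append(ApiCall(m["api"], m["mod"], args, int(m["ref"], 16),
                                 int(m["sub"], 16) if m["sub"] else None))
    return calls

def token_info_class(call: ApiCall) -> str | None:
    """Decode the TokenInformationClass (second) argument of a GetTokenInformation call."""
    if call.api != "GetTokenInformation" or len(call.args) < 2 or call.args[1] == "?":
        return None
    value = int(call.args[1], 16)
    return TOKEN_INFO_CLASS.get(value, f"class_{value}")

# Capability rules: an ordered subsequence of API names that must appear in call
# order. Labels are assumptions chosen to mirror the report's "Contains
# functionality to ..." wording; they are not Joe Sandbox's own signature logic.
RULES: dict[str, tuple[str, ...]] = {
    "launch a process as a different user":
        ("OpenProcessToken", "CreateEnvironmentBlock", "CreateProcessWithLogonW"),
    "enumerate token groups and copy a SID":
        ("GetTokenInformation", "GetLengthSid", "CopySid"),
}
# CRT/TLS bookkeeping present in every MSVC binary; never counts toward a rule.
_NOISE_PREFIXES = ("___vcrt_", "__acrt_")
_NOISE_APIS = {"GetLastError", "SetLastError"}

def _is_subsequence(needle: tuple[str, ...], haystack: list[str]) -> bool:
    it = iter(haystack)   # shared iterator: each needle element must follow the previous match
    return all(any(x == n for x in it) for n in needle)

def classify(calls: list[ApiCall]) -> set[str]:
    """Capability labels whose chain appears, in order, in one function's call list."""
    names = [c.api for c in calls
             if c.api not in _NOISE_APIS and not c.api.startswith(_NOISE_PREFIXES)]
    return {label for label, chain in RULES.items() if _is_subsequence(chain, names)}

# Constructed input: a subset of the 'APIs' bullets of three records in this report.
SAMPLE_RUNAS = """
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 004214FF
• OpenProcessToken.ADVAPI32(00000000), ref: 00421506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00421515
• CloseHandle.KERNEL32(00000004), ref: 00421520
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0042154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 00421563
"""
SAMPLE_SID = """
  • Part of subcall function 00420FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00420FCA
  • Part of subcall function 00420FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00420FD6
• GetLengthSid.ADVAPI32(?,00000000,00421335), ref: 004217AE
• HeapAlloc.KERNEL32(00000000), ref: 004217C1
• CopySid.ADVAPI32(00000000,00000000,?), ref: 004217DA
• HeapFree.KERNEL32(00000000), ref: 004217F5
"""
SAMPLE_CRT = """
• GetLastError.KERNEL32(?,?,003E3379,003E2FE5), ref: 003E3390
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 003E339E
• SetLastError.KERNEL32(00000000,?,003E3379,003E2FE5), ref: 003E3409
"""

if __name__ == "__main__":
    for name, text in [("runas", SAMPLE_RUNAS), ("sid", SAMPLE_SID), ("crt", SAMPLE_CRT)]:
        calls = parse_api_lines(text)
        print(name, sorted(classify(calls)),
              [token_info_class(c) for c in calls if c.api == "GetTokenInformation"])
```

Matching is order-sensitive: a function that merely imports CreateProcessWithLogonW somewhere is not the same as one that opens its own token, builds an environment block for it and then calls CreateProcessWithLogonW, which is the chain the report shows here. The `?` placeholders are arguments the static pass could not resolve, so the decoder only trusts printed immediates; in the SID record the second argument of GetTokenInformation is 00000002, which is TokenGroups. The vcrt FLS record yields no capability at all once CRT bookkeeping is filtered, which is the intended result for that kind of compiler-generated code.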
APIs
• GetLastError.KERNEL32(?,?,003E3379,003E2FE5), ref: 003E3390
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 003E339E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 003E33B7
• SetLastError.KERNEL32(00000000,?,003E3379,003E2FE5), ref: 003E3409
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d40ed334e56dcf16cbd5bf96ac93ae35060b46aae97dcf00ad553033a225b090
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8efd274fcce8a7d39a8d7751038545a9394b59df8ea64155c0fcee4f0e44e577
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d40ed334e56dcf16cbd5bf96ac93ae35060b46aae97dcf00ad553033a225b090
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9201B532609371AEA72727B77CCDA6B2A94DB067B5731033DF510871F1EF614D015A68
APIs
• GetLastError.KERNEL32(?,?,003F5686,00403CD6,?,00000000,?,003F5B6A,?,?,?,?,?,003EE6D1,?,00488A48), ref: 003F2D78
• _free.LIBCMT ref: 003F2DAB
• _free.LIBCMT ref: 003F2DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,003EE6D1,?,00488A48,00000010,003C4F4A,?,?,00000000,00403CD6), ref: 003F2DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,003EE6D1,?,00488A48,00000010,003C4F4A,?,?,00000000,00403CD6), ref: 003F2DEC
• _abort.LIBCMT ref: 003F2DF2
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
• Opcode ID: cf077ee51ad8bfe320d82e618a912e346dcb34fea5004f239d7bcaf7ac54b31b
• Instruction ID: 96e4e7f13e9dac437004c4fd0523b93612f744d07ce4142eae322d9a1300a557
• Opcode Fuzzy Hash: cf077ee51ad8bfe320d82e618a912e346dcb34fea5004f239d7bcaf7ac54b31b
• Instruction Fuzzy Hash: 1AF0A431585B0DFBC6132738BC5AA7F2559AFC27A1B260529FB34961A3EF2889014564
APIs
  • Part of subcall function 003D9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 003D9693
  • Part of subcall function 003D9639: SelectObject.GDI32(?,00000000), ref: 003D96A2
  • Part of subcall function 003D9639: BeginPath.GDI32(?), ref: 003D96B9
  • Part of subcall function 003D9639: SelectObject.GDI32(?,00000000), ref: 003D96E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00458A4E
• LineTo.GDI32(?,00000003,00000000), ref: 00458A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00458A70
• LineTo.GDI32(?,00000000,00000003), ref: 00458A80
• EndPath.GDI32(?), ref: 00458A90
• StrokePath.GDI32(?), ref: 00458AA0
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: 62e16eaffd70326edb0763ca89c61dc17badf4b06537480ef247978c85d24bb5
• Instruction ID: b15f496a00a628792bccc36d13d4a38d9a99d9044da8f5500a17e896bbdc0100
• Opcode Fuzzy Hash: 62e16eaffd70326edb0763ca89c61dc17badf4b06537480ef247978c85d24bb5
• Instruction Fuzzy Hash: 64111E7600020DFFDF129F90DC88EAA7F6CEB08351F048022BA15991A1C7719D55DF64
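The per-function API records in this report share one line shape: an optional "Part of subcall function XXXXXXXX:" prefix, the API name and exporting module, a parenthesised argument list where "?" marks a value the static dump could not resolve, and the call-site address after "ref:". The following parser is an added example for working with that format offline; it is not Joe Sandbox code. The sample records are copied from the function blocks in this section, and the only assumption beyond the visible line shape is that the second argument of GetDeviceCaps is decoded with the standard Windows GDI index constants (0x58 = LOGPIXELSX, 0x5A = LOGPIXELSY), which is what a DPI-query routine passes.

```python
"""Parse Joe Sandbox per-function API records into structured rows.

Added example; not Joe Sandbox code. Assumes only the line format visible
in the report, e.g.
    • GetDeviceCaps.GDI32(00000000,00000058), ref: 00425229
    • Part of subcall function 003D9639: SelectObject.GDI32(?,00000000), ref: 003D96A2
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample records copied from the report blocks in this section (constructed test input).
SAMPLE_RECORDS = """\
• GetLastError.KERNEL32(?,?,003F5686,00403CD6,?,00000000,?,003F5B6A,?,?,?,?,?,003EE6D1,?,00488A48), ref: 003F2D78
• _free.LIBCMT ref: 003F2DAB
• SetLastError.KERNEL32(00000000,?,?,?,?,003EE6D1,?,00488A48,00000010,003C4F4A,?,?,00000000,00403CD6), ref: 003F2DE0
• _abort.LIBCMT ref: 003F2DF2
  • Part of subcall function 003D9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 003D9693
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00458A4E
• GetDC.USER32(00000000), ref: 00425218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 00425229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00425230
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 0042524F
"""

# One record per line: bullet, optional subcall prefix, Api.MODULE, optional (args), ref: address.
LINE_RE = re.compile(
    r"""^\s*•\s*
        (?:Part\ of\ subcall\ function\ (?P<subcall>[0-9A-Fa-f]{8}):\s*)?
        (?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)
        (?:\((?P<args>[^)]*)\))?
        ,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$""",
    re.VERBOSE,
)

# Windows GDI GetDeviceCaps index constants (assumed standard values, not from the report).
DEVICE_CAPS_INDEX = {8: "HORZRES", 10: "VERTRES", 12: "BITSPIXEL", 88: "LOGPIXELSX", 90: "LOGPIXELSY"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]      # None where the report printed "?"
    ref: int                       # call-site address
    subcall_of: Optional[int] = None   # address of the called helper, if a "subcall" record


def parse_arg(tok: str) -> Optional[int]:
    """'?' means unresolved statically; otherwise a signed 32-bit hex literal."""
    tok = tok.strip()
    if tok == "?":
        return None
    sign = -1 if tok.startswith("-") else 1
    return sign * int(tok.lstrip("-"), 16)


def parse_line(line: str) -> Optional[ApiCall]:
    m = LINE_RE.match(line)
    if not m:
        return None
    args = [parse_arg(t) for t in m.group("args").split(",")] if m.group("args") else []
    return ApiCall(
        api=m.group("api"),
        module=m.group("module"),
        args=args,
        ref=int(m.group("ref"), 16),
        subcall_of=int(m.group("subcall"), 16) if m.group("subcall") else None,
    )


def parse_records(text: str) -> List[ApiCall]:
    return [c for c in (parse_line(l) for l in text.splitlines()) if c]


def describe(call: ApiCall) -> str:
    """Render a call with known constants decoded (GetDeviceCaps index only)."""
    if call.api == "GetDeviceCaps" and len(call.args) == 2 and call.args[1] is not None:
        name = DEVICE_CAPS_INDEX.get(call.args[1], f"index {call.args[1]}")
        return f"{call.ref:08X} GetDeviceCaps({name})"
    return f"{call.ref:08X} {call.api}"


def calls_by_module(calls: List[ApiCall]) -> Dict[str, List[str]]:
    """Group API names by exporting module, preserving report order."""
    out: Dict[str, List[str]] = {}
    for c in calls:
        out.setdefault(c.module, []).append(c.api)
    return out


def queries_screen_dpi(calls: List[ApiCall]) -> bool:
    """True if the record set reads both LOGPIXELSX and LOGPIXELSY and scales with MulDiv."""
    idx = {c.args[1] for c in calls if c.api == "GetDeviceCaps" and len(c.args) == 2}
    return {88, 90} <= idx and any(c.api == "MulDiv" for c in calls)


if __name__ == "__main__":
    for call in parse_records(SAMPLE_RECORDS):
        print(describe(call))
```

Arguments printed as "?" stay None rather than being guessed, so a consumer can tell a resolved constant from a value the static pass never had; the GDI constants are the only decoding this example applies, and any other index is reported numerically.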
APIs
• GetDC.USER32(00000000), ref: 00425218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 00425229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00425230
• ReleaseDC.USER32(00000000,00000000), ref: 00425238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 0042524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 00425261
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
• Opcode ID: 770f93b0996f78cbae88a28102c809095e842649feca4dfa4dc13956e036750d
• Instruction ID: 257dc09178b59a103220651401f3cb437c7bd1ed3ea74135bfead7938a24a65d
• Opcode Fuzzy Hash: 770f93b0996f78cbae88a28102c809095e842649feca4dfa4dc13956e036750d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 81014F75A00718BFEB109BA69C89A5EBFB8EB48752F044066FA04A7281D670D901CFA4
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 003C1BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 003C1BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 003C1C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 003C1C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 003C1C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 003C1C22
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
• Opcode ID: 8ff14d435075213520999dceae0885cdf32fb6de22ece4509a266c778c0af48a
• Instruction ID: fd25241413d5f7a812758b342be0c315c35ff35efd375642be06f78c27e15c0a
• Opcode Fuzzy Hash: 8ff14d435075213520999dceae0885cdf32fb6de22ece4509a266c778c0af48a
• Instruction Fuzzy Hash: C40167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C4BA42C7F5A864CBE5
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0042EB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0042EB46
• GetWindowThreadProcessId.USER32(?,?), ref: 0042EB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0042EB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0042EB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0042EB75
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
• String ID:
• API String ID: 839392675-0
• Opcode ID: ae0f6921c43373bfd1de3b2b13bab085673118395973953fc4bce80bdbe4c529
• Instruction ID: af118f23476c2d63ca46571ff01a0db781807d2d038017c33b2455c1c055eb1a
• Opcode Fuzzy Hash: ae0f6921c43373bfd1de3b2b13bab085673118395973953fc4bce80bdbe4c529
• Instruction Fuzzy Hash: 1AF03072240758BFE72157529C4DEEF3E7CEFCAB12F000169F601D1192D7A09A01CAB9
APIs
• GetClientRect.USER32(?), ref: 00417452
• SendMessageW.USER32(?,00001328,00000000,?), ref: 00417469
• GetWindowDC.USER32(?), ref: 00417475
• GetPixel.GDI32(00000000,?,?), ref: 00417484
• ReleaseDC.USER32(?,00000000), ref: 00417496
• GetSysColor.USER32(00000005), ref: 004174B0
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
• Opcode ID: 9a3ff1edddf400cc2a9b68282ef1883e51d65fee6108fc6a0731f6da2134e14a
• Instruction ID: b75b95e54a3f023f1c64891a0be37ea447a1d4a832dd33b42b78aec3635273ea
• Opcode Fuzzy Hash: 9a3ff1edddf400cc2a9b68282ef1883e51d65fee6108fc6a0731f6da2134e14a
• Instruction Fuzzy Hash: 6D012831400315FFEB515FA4DC88BEA7BB5FB04312F510175F916A21A2CB315E51EB59
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0042187F
                                                                                                                                                                                                                                                                                                                                                      • UnloadUserProfile.USERENV(?,?), ref: 0042188B
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00421894
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0042189C
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 004218A5
                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 004218AC
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 146765662-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4507ace792bb98ef3ede1e6b7097a82d1c6029b89f32930a8de9359414990e46
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4df49e0bb12b9ac46dc6276ed9ff430edc5371f0b08476b5f9431ca6c471e7c0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4507ace792bb98ef3ede1e6b7097a82d1c6029b89f32930a8de9359414990e46
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8EE0C236004705BFDA016BA1ED4C90ABB69FB49B22B108230F22681472CB32A4A0DF58
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 003CBEB3
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                      • String ID: D%I$D%I$D%I$D%ID%I
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1385522511-700953525
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1deafe97bcbd94c57c77829c67972c36e78cdf0894efd479daed1e481902f657
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0479c9964641f4b84962cbee0ab69d6a87115296614a6ea87adbe776c315817c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1deafe97bcbd94c57c77829c67972c36e78cdf0894efd479daed1e481902f657
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB913875A0021ADFCB19CF68C092AAAF7B5FF58310F25816ED942EB350D771AD81CB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003E0242: EnterCriticalSection.KERNEL32(0049070C,00491884,?,?,003D198B,00492518,?,?,?,003C12F9,00000000), ref: 003E024D
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003E0242: LeaveCriticalSection.KERNEL32(0049070C,?,003D198B,00492518,?,?,?,003C12F9,00000000), ref: 003E028A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C9CB3: _wcslen.LIBCMT ref: 003C9CBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003E00A3: __onexit.LIBCMT ref: 003E00A9
                                                                                                                                                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 00447BFB
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003E01F8: EnterCriticalSection.KERNEL32(0049070C,?,?,003D8747,00492514), ref: 003E0202
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003E01F8: LeaveCriticalSection.KERNEL32(0049070C,?,003D8747,00492514), ref: 003E0235
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: +TA$5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 535116098-86180196
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 62b9fa1540fd01b7c349c995dc837f67cd513b9eadc560db2f8f17a65a438ea4
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 13dc6e353340a52f6bb47530efea2760a7ff48bd08be9f95edd9c26669f1996e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 62b9fa1540fd01b7c349c995dc837f67cd513b9eadc560db2f8f17a65a438ea4
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5F91AF70A04209AFDB15EF54D881DAEB7B1FF44304F10805EF8069B392DB749E46CB59
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C7620: _wcslen.LIBCMT ref: 003C7625
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0042C6EE
• _wcslen.LIBCMT ref: 0042C735
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0042C79C
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0042C7CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ItemMenu$Info_wcslen$Default
• String ID: 0
• API String ID: 1227352736-4108050209
• Opcode ID: ac2b8ec7ee48a7f28cad7b222b9423aef46faa20b1038aea21dda119ad7dce4c
• Instruction ID: decb87151b1e8c5bcbc608c8d22e46b4417040964fc4605cf228c3495f110321
• Opcode Fuzzy Hash: ac2b8ec7ee48a7f28cad7b222b9423aef46faa20b1038aea21dda119ad7dce4c
• Instruction Fuzzy Hash: 7E51CF717043229BD7119F28E8C5B6F77E4AF89310F440A2FF995D62A0DB68DD04CB5A
APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 0044AEA3
  • Part of subcall function 003C7620: _wcslen.LIBCMT ref: 003C7625
• GetProcessId.KERNEL32(00000000), ref: 0044AF38
• CloseHandle.KERNEL32(00000000), ref: 0044AF67
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: CloseExecuteHandleProcessShell_wcslen
• String ID: <$@
• API String ID: 146682121-1426351568
• Opcode ID: ed6d1483783188e205d82b967aeed4e8f9df790fdee2af5d2cba37a78dee8f1b
• Instruction ID: 96869222b1650dc8e54b28dbe7124d09284aeec7cb1335923a316c5bcfca84e2
• Opcode Fuzzy Hash: ed6d1483783188e205d82b967aeed4e8f9df790fdee2af5d2cba37a78dee8f1b
• Instruction Fuzzy Hash: FF717670A00218DFDB11DF54C484A9EBBF0AF08300F14849EE81AAF3A2CB79ED55CB95
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00427206
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0042723C
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0042724D
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 004272CF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ErrorMode$AddressCreateInstanceProc
• String ID: DllGetClassObject
• API String ID: 753597075-1075368562
• Opcode ID: 1598d50ee11c9aca89b34596cdaec27a000706d81cdbf59631ab1c8663678dfa
• Instruction ID: 3341b291ff6f2cd3b1e92c82081143ea83e3c6714b57bce0f84b7dac1c75a42d
• Opcode Fuzzy Hash: 1598d50ee11c9aca89b34596cdaec27a000706d81cdbf59631ab1c8663678dfa
• Instruction Fuzzy Hash: 02419B71A04214EFDB15CF54D884B9A7BA9EF44314F6180AEFD05DF20AD7B8D944CBA8
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00452F8D
• LoadLibraryW.KERNEL32(?), ref: 00452F94
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00452FA9
• DestroyWindow.USER32(?), ref: 00452FB1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
• API String ID: 3529120543-1011021900
• Opcode ID: 880167f70aab9959077a588923095f7b34a9a3d68524a7037b557725be67145e
• Instruction ID: 8fce0cdefc4e8dd88f45f1b563e6203e5e0c62b77e9fbe42634ead3f051e8506
• Opcode Fuzzy Hash: 880167f70aab9959077a588923095f7b34a9a3d68524a7037b557725be67145e
• Instruction Fuzzy Hash: 3421D172204205AFEB104F64ED80FBB37B9EB5A325F10022BFD10D6292C3B5DC45A768
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,003E4D1E,003F28E9,?,003E4CBE,003F28E9,004888B8,0000000C,003E4E15,003F28E9,00000002), ref: 003E4D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 003E4DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,003E4D1E,003F28E9,?,003E4CBE,003F28E9,004888B8,0000000C,003E4E15,003F28E9,00000002,00000000), ref: 003E4DC3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: 44b0beebd560c26704cdb22f69943af193c4d3df5387a14b88a948820018a32c
• Instruction ID: ca18fcb1e7cb7c135926f264e40dbcea0d01e36cbc04c92def54826de6f421c6
• Opcode Fuzzy Hash: 44b0beebd560c26704cdb22f69943af193c4d3df5387a14b88a948820018a32c
• Instruction Fuzzy Hash: 20F04F34A40318BFDB119F91DC89BEEBBB5EF48752F0101A9F805A62A1DB749D40CB99
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,003C4EDD,?,00491418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 003C4E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 003C4EAE
• FreeLibrary.KERNEL32(00000000,?,?,003C4EDD,?,00491418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 003C4EC0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 145871493-3689287502
• Opcode ID: 629c9d4d31ebc63620f61e9595623e102d0e2cdbd9bce6ffd9bba941cb75b364
• Instruction ID: 7cfe7ef621a9d966d2ed3781d92623e0f917879ef4fd1abb27bdb9da24e89063
• Opcode Fuzzy Hash: 629c9d4d31ebc63620f61e9595623e102d0e2cdbd9bce6ffd9bba941cb75b364
• Instruction Fuzzy Hash: 2EE08635A02B229F92221B356C68F5F7654AF81F637070129FC00E2106DF64CD0186A8
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00403CDE,?,00491418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 003C4E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 003C4E74
• FreeLibrary.KERNEL32(00000000,?,?,00403CDE,?,00491418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 003C4E87
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 145871493-1355242751
• Opcode ID: 2e78dbdc2b6a1ff49dda8fe32869aabaaf08951c8cf89b77d7689fd8aa5fd93c
• Instruction ID: e14cd71880b13af0bf4bce3cc1c5af5f2a80ce3ed614330d906ead34745685e5
• Opcode Fuzzy Hash: 2e78dbdc2b6a1ff49dda8fe32869aabaaf08951c8cf89b77d7689fd8aa5fd93c
• Instruction Fuzzy Hash: 7AD01236502B216B56231B397C68F8F6A18AF85F573170629BD05E6116CF64CD01CAD8
APIs
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00432C05
• DeleteFileW.KERNEL32(?), ref: 00432C87
• CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00432C9D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00432CAE
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00432CC0
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4df0a008af55caaf7ea7e9081f292dce51a99919043c5109b0d2139a432b5976
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: af3ed01686c259aff9563482f7397246320f2e9ee8fd39586d2a04a3f61c09fd
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4df0a008af55caaf7ea7e9081f292dce51a99919043c5109b0d2139a432b5976
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FEB16D72D00129ABDF11EFA5CD85EDEB77DEF08304F1041AAF609E6181EA74AE448F65
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 0044A427
                                                                                                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0044A435
                                                                                                                                                                                                                                                                                                                                                      • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0044A468
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0044A63D
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3488606520-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 101f20ec2fba0bbd6cdc9fa7f9f3884c4205ba18c8a3226d64b7407a7ce0c2c8
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3eec79a47161d4d008badfdda63aa2a9a92176fc20585a2552ce7f742db1d49b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 101f20ec2fba0bbd6cdc9fa7f9f3884c4205ba18c8a3226d64b7407a7ce0c2c8
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 18A1A071604300AFE721DF24D886F2AB7E5AF84714F14881DF99ADB392D774EC418B86
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00463700), ref: 003FBB91
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,0049121C,000000FF,00000000,0000003F,00000000,?,?), ref: 003FBC09
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00491270,000000FF,?,0000003F,00000000,?), ref: 003FBC36
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 003FBB7F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003F29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,003FD7D1,00000000,00000000,00000000,00000000,?,003FD7F8,00000000,00000007,00000000,?,003FDBF5,00000000), ref: 003F29DE
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003F29C8: GetLastError.KERNEL32(00000000,?,003FD7D1,00000000,00000000,00000000,00000000,?,003FD7F8,00000000,00000007,00000000,?,003FDBF5,00000000,00000000), ref: 003F29F0
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 003FBD4B
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1286116820-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0cb085f211647a859b1ba51a6018b479c896851b511bb13a88f547015a55b2d0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ed17363dc7c0ff5a3416de6e43c3e5428b0f6c14e9f438df77971a63887be575
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0cb085f211647a859b1ba51a6018b479c896851b511bb13a88f547015a55b2d0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D51C6B190020DEFCB12EF65DC819BEF7BCAB41350B1142BBE654E71A1EB709D418B54
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0042DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0042CF22,?), ref: 0042DDFD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0042DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0042CF22,?), ref: 0042DE16
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0042E199: GetFileAttributesW.KERNEL32(?,0042CF95), ref: 0042E19A
                                                                                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 0042E473
                                                                                                                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 0042E4AC
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0042E5EB
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0042E603
                                                                                                                                                                                                                                                                                                                                                      • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0042E650
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
APIs
  • Part of subcall function 003C9CB3: _wcslen.LIBCMT ref: 003C9CBD
  • Part of subcall function 0044C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0044B6AE,?,?), ref: 0044C9B5
  • Part of subcall function 0044C998: _wcslen.LIBCMT ref: 0044C9F1
  • Part of subcall function 0044C998: _wcslen.LIBCMT ref: 0044CA68
  • Part of subcall function 0044C998: _wcslen.LIBCMT ref: 0044CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0044BAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0044BB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0044BB63
• RegCloseKey.ADVAPI32(?,?), ref: 0044BBA6
• RegCloseKey.ADVAPI32(00000000), ref: 0044BBB3
APIs
• VariantInit.OLEAUT32(?), ref: 00428BCD
• VariantClear.OLEAUT32 ref: 00428C3E
• VariantClear.OLEAUT32 ref: 00428C9D
• VariantClear.OLEAUT32(?), ref: 00428D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00428D3B
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00438BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00438BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00438C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00438C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00438C5F
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2832842796-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f608c4d939abcfb9880ccd905ada0cdf5c1ffab87d182ffeae97cff4c1141e69
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 850e317b2bdd6e5c1518ddb0ac57f6f69ce6302bd1c9ce6d818e86eec64bd4e6
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f608c4d939abcfb9880ccd905ada0cdf5c1ffab87d182ffeae97cff4c1141e69
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D513835A002159FCB01DF64C881E6ABBF5FF49314F088099F849AB362CB35ED51CB94
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00448F40
• GetProcAddress.KERNEL32(00000000,?), ref: 00448FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00448FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 00449032
• FreeLibrary.KERNEL32(00000000), ref: 00449052
  • Part of subcall function 003DF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00431043,?,7529E610), ref: 003DF6E6
  • Part of subcall function 003DF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0041FA64,00000000,00000000,?,?,00431043,?,7529E610,?,0041FA64), ref: 003DF70D
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
• Opcode ID: a38ea682757994714fb132949e723ca2886cf155e48b6e2e375af1e565f28be6
• Instruction ID: 6c091a375204795b8443523ded9511720bfd6407dba790071126741d824f5b84
• Opcode Fuzzy Hash: a38ea682757994714fb132949e723ca2886cf155e48b6e2e375af1e565f28be6
• Instruction Fuzzy Hash: E45136356006059FD711DF68C484DAEBBB1FF49314B0580AAE80A9B362DB35ED86CB95
APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 00456C33
• SetWindowLongW.USER32(?,000000EC,?), ref: 00456C4A
• SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00456C73
• ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0043AB79,00000000,00000000), ref: 00456C98
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00456CC7
Similarity
• API ID: Window$Long$MessageSendShow
• String ID:
• API String ID: 3688381893-0
• Opcode ID: babf0cddcf7c28b1aace443e913c284aafd4fd445862a10752642cfc47d0ed57
• Instruction ID: 424879bd973e6c3758ac39a6a800e3fe6407e79aadf29fc82fe01210f2602b4b
• Opcode Fuzzy Hash: babf0cddcf7c28b1aace443e913c284aafd4fd445862a10752642cfc47d0ed57
• Instruction Fuzzy Hash: 14411D35604214AFD726CF28CC54FAA7BA4EB09351F96022AFC95E73E2C375ED45CA48
APIs
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: ecc8b8166d90c375c5a712c38e02bf576768d36a1f8876b2ca6cce6f5aea48dd
• Instruction ID: 5cd69152ccc51ca6ba55ff12f2db9824c844c9bc8e6c2415fad1e302762a3505
• Opcode Fuzzy Hash: ecc8b8166d90c375c5a712c38e02bf576768d36a1f8876b2ca6cce6f5aea48dd
• Instruction Fuzzy Hash: A141B232A00208DFCB26DF78C981A6EB7A5EF89314F164569E615EF391DB31AD01CB90
APIs
• GetCursorPos.USER32(?), ref: 003D9141
• ScreenToClient.USER32(00000000,?), ref: 003D915E
• GetAsyncKeyState.USER32(00000001), ref: 003D9183
• GetAsyncKeyState.USER32(00000002), ref: 003D919D
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 70ae9d93ad8aae42742f6f3a4d77c22d2a86753198d97f41e44049bfebe192b7
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 46f084a99532293e6e747de6de269383215aa112e73dc8d852404420f185aa60
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 70ae9d93ad8aae42742f6f3a4d77c22d2a86753198d97f41e44049bfebe192b7
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 51417F31A0861AFBDF0A9F64D844BEEB774FB05324F20822BE425A7391C7746994CB95
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetInputState.USER32 ref: 004338CB
                                                                                                                                                                                                                                                                                                                                                      • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00433922
                                                                                                                                                                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 0043394B
                                                                                                                                                                                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 00433955
                                                                                                                                                                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00433966
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2256411358-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1ca466c58f6b8959523fe33356393f587c9155c24969457f389b47af9ca9804a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d9fd4c277235513052822504b63a144e615445cf2e6f44c23c9ccfc402287a9a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1ca466c58f6b8959523fe33356393f587c9155c24969457f389b47af9ca9804a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F731B5B0504346EEEB35DF359849BB73BA8AF1D306F04157BE452862A0E3B89685CB19
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0043C21E,00000000), ref: 0043CF38
                                                                                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,00000000,?,?), ref: 0043CF6F
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,?,?,?,0043C21E,00000000), ref: 0043CFB4
                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000,?,?,?,0043C21E,00000000), ref: 0043CFC8
                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000,?,?,?,0043C21E,00000000), ref: 0043CFF2
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3191363074-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6c0b25497da0b29d343201cae4d86e8a7d1681c16b82de59d5cecff1c70f0f3c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e391a42879818a4c202140d907d665e016550a5f1269b724f109b7e6f97e8569
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c0b25497da0b29d343201cae4d86e8a7d1681c16b82de59d5cecff1c70f0f3c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 53315A71900305AFDB20DFA5D8C49ABBBFAEB08315F10442FF506E6281DB34EE419B68
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00421915
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000001,00000201,00000001), ref: 004219C1
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?), ref: 004219C9
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000001,00000202,00000000), ref: 004219DA
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?), ref: 004219E2
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3382505437-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a3f279a8bb8050716238d825b0724a81f1dc1a453f3b4a957bfea916a46de54d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7bd9a941908522a15be6a7c0d0301f4aecf737e337917b266914bec01249fc9e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a3f279a8bb8050716238d825b0724a81f1dc1a453f3b4a957bfea916a46de54d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7731B3B1A00229EFCB00CFA8DD99ADE7BB5EB14315F104226F921A72E1C774D954CB94
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00455745
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001074,?,00000001), ref: 0045579D
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 004557AF
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 004557BA
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00455816
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 763830540-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4e7e12a8653f2b8318eeeedd92b866b7a1fd0149559cd2592ede777415098c3a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8c237fbbe15825d16c6c277e074b365d6f326072e232053ec2d9629cfbbcdb7c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4e7e12a8653f2b8318eeeedd92b866b7a1fd0149559cd2592ede777415098c3a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 892184759046189ADB21DFA0CC84AFE77B8FF05326F104227ED19EA282D7788989CF54
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • IsWindow.USER32(00000000), ref: 00440951
                                                                                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 00440968
                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 004409A4
                                                                                                                                                                                                                                                                                                                                                      • GetPixel.GDI32(00000000,?,00000003), ref: 004409B0
                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000003), ref: 004409E8
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 785799f77482ffa58320d1a458bfa8d6071fee8fa98b8f8709a744a54b5e69f5
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6a382a76491d01c3da7414e99821975d68cd6d9c43a4ba1ef98d9ae45e3053e1
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 785799f77482ffa58320d1a458bfa8d6071fee8fa98b8f8709a744a54b5e69f5
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08215B75600214AFD704EF65C985AAEBBE9EF49701F04846DE84AD7762CA34ED04CB94
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetEnvironmentStringsW.KERNEL32 ref: 003FCDC6
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003FCDE9
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003F3820: RtlAllocateHeap.NTDLL(00000000,?,00491444,?,003DFDF5,?,?,003CA976,00000010,00491440,003C13FC,?,003C13C6,?,003C1129), ref: 003F3852
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 003FCE0F
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 003FCE22
                                                                                                                                                                                                                                                                                                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 003FCE31
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
• Opcode ID: 45afdd945bdff3f9a7459f432f276dddb2857531b15a0433578ca62332cb6a08
• Instruction ID: 29b67079cc62e1a6ab736b17fb07562cf930c834cb0fb8203be6a1314f3634f1
• Opcode Fuzzy Hash: 45afdd945bdff3f9a7459f432f276dddb2857531b15a0433578ca62332cb6a08
• Instruction Fuzzy Hash: 70012472A5131D7F632216B66D88CBB696CEEC2BA23161129FE00C7201EA60CD0181F0
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 003D9693
• SelectObject.GDI32(?,00000000), ref: 003D96A2
• BeginPath.GDI32(?), ref: 003D96B9
• SelectObject.GDI32(?,00000000), ref: 003D96E2
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: 4470e911f34eaa9502cec1697749a796c9252ce5d42785e3cdb2b6dfc2e24415
• Instruction ID: 2fb4511f0dcc76f22062f67b04ee6217b25c8d63e60a5d76f185adb06248b017
• Opcode Fuzzy Hash: 4470e911f34eaa9502cec1697749a796c9252ce5d42785e3cdb2b6dfc2e24415
• Instruction Fuzzy Hash: 702183B1802306EFDB129F64EC447A93B78BB60765F104237F410A62B1D370D891CF98
APIs
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: 6bd81eaa2e8cb5d742e76b8c830346c7d546746a167ece4978093409e5f04e98
• Instruction ID: 281e192a6a05759914793b54476fa48d041eaeb8ad5cf232a11a2e2595ffdfd5
• Opcode Fuzzy Hash: 6bd81eaa2e8cb5d742e76b8c830346c7d546746a167ece4978093409e5f04e98
• Instruction Fuzzy Hash: B801D675781665BAD2099511AD42FBB634C9BA03A5F900032FD049E782F638FD1582AA
APIs
• GetLastError.KERNEL32(?,?,?,003EF2DE,003F3863,00491444,?,003DFDF5,?,?,003CA976,00000010,00491440,003C13FC,?,003C13C6), ref: 003F2DFD
• _free.LIBCMT ref: 003F2E32
• _free.LIBCMT ref: 003F2E59
• SetLastError.KERNEL32(00000000,003C1129), ref: 003F2E66
• SetLastError.KERNEL32(00000000,003C1129), ref: 003F2E6F
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: cf569fe04c3705ea84ce444f438344bfaa240170fae43d7f0abbcdfd2249777c
• Instruction ID: 3994029791b85eca5d17be984b5cd70417def35475c7336b8cff95265981ff1f
• Opcode Fuzzy Hash: cf569fe04c3705ea84ce444f438344bfaa240170fae43d7f0abbcdfd2249777c
• Instruction Fuzzy Hash: 5A01F93224570CFBC61327746C85D3F195DABE17617310539FB2196193EB74CC014120
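The entries above repeat the same shape for every recovered function: an "APIs" list of call sites, the memory dump the code was lifted from, and a "Similarity" block whose Opcode and Instruction fuzzy hashes are what an analyst pivots on to recognise the same routine in another sample's report. The following parser is an added example, not part of the Joe Sandbox report, that turns that text into records and answers two practical questions: which functions call a given pair of APIs, and which fuzzy hashes to carry over to a hunt. The sample input is two entries copied from this listing (whitespace stripped, one Associated line kept); the field names, the `•` bullet and the `ref:` suffix are taken as they appear on the page, and treating the Instruction Fuzzy Hash as the pivot key is this example's choice.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input constructed from two entries of the listing above (abridged to one
# Associated line each); used here only to exercise the parser.
SAMPLE_LISTING = """\
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 003D9693
• SelectObject.GDI32(?,00000000), ref: 003D96A2
• BeginPath.GDI32(?), ref: 003D96B9
• SelectObject.GDI32(?,00000000), ref: 003D96E2
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: 4470e911f34eaa9502cec1697749a796c9252ce5d42785e3cdb2b6dfc2e24415
• Instruction ID: 2fb4511f0dcc76f22062f67b04ee6217b25c8d63e60a5d76f185adb06248b017
• Opcode Fuzzy Hash: 4470e911f34eaa9502cec1697749a796c9252ce5d42785e3cdb2b6dfc2e24415
• Instruction Fuzzy Hash: 702183B1802306EFDB129F64EC447A93B78BB60765F104237F410A62B1D370D891CF98
APIs
• GetLastError.KERNEL32(?,?,?,003EF2DE,003F3863,00491444,?,003DFDF5,?,?,003CA976,00000010,00491440,003C13FC,?,003C13C6), ref: 003F2DFD
• _free.LIBCMT ref: 003F2E32
• _free.LIBCMT ref: 003F2E59
• SetLastError.KERNEL32(00000000,003C1129), ref: 003F2E66
• SetLastError.KERNEL32(00000000,003C1129), ref: 003F2E6F
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: cf569fe04c3705ea84ce444f438344bfaa240170fae43d7f0abbcdfd2249777c
• Instruction ID: 3994029791b85eca5d17be984b5cd70417def35475c7336b8cff95265981ff1f
• Opcode Fuzzy Hash: cf569fe04c3705ea84ce444f438344bfaa240170fae43d7f0abbcdfd2249777c
• Instruction Fuzzy Hash: 5A01F93224570CFBC61327746C85D3F195DABE17617310539FB2196193EB74CC014120
"""

# "Name.MODULE(args), ref: ADDR" or, for CRT helpers, "Name.MODULE ref: ADDR" (no argument list).
API_LINE = re.compile(
    r"^• (?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$"
)
# Any other bullet is a "Key: value" field; "String ID:" legitimately has an empty value.
FIELD_LINE = re.compile(r"^• (?P<key>[^:]+):\s?(?P<value>.*)$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: Optional[List[str]]  # None when the listing shows no argument list
    ref: str                   # address of the call site inside the dump


@dataclass
class FunctionEntry:
    apis: List[ApiCall] = field(default_factory=list)
    fields: Dict[str, str] = field(default_factory=dict)
    associated: List[str] = field(default_factory=list)  # extra dumps, may repeat

    def api_names(self) -> List[str]:
        return [a.name for a in self.apis]

    @property
    def instruction_fuzzy_hash(self) -> str:
        return self.fields.get("Instruction Fuzzy Hash", "")


def parse_entries(text: str) -> List[FunctionEntry]:
    """Split the listing at each 'APIs' header and collect bullets into one record per function."""
    entries: List[FunctionEntry] = []
    current: Optional[FunctionEntry] = None
    for raw in text.splitlines():
        line = raw.strip()  # the exported report carries hundreds of leading spaces
        if line == "APIs":
            current = FunctionEntry()
            entries.append(current)
            continue
        if current is None or not line.startswith("•"):
            continue  # section headers such as "Similarity" carry no data of their own
        m = API_LINE.match(line)
        if m:
            args = m.group("args")
            current.apis.append(ApiCall(m.group("name"), m.group("module"),
                                        None if args is None else args.split(","), m.group("ref")))
            continue
        m = FIELD_LINE.match(line)
        if m:
            key, value = m.group("key").strip(), m.group("value").strip()
            if key == "Associated":
                current.associated.append(value)
            else:
                current.fields[key] = value
    return entries


def index_by_api(entries: List[FunctionEntry]) -> Dict[str, List[str]]:
    """API name -> Instruction Fuzzy Hashes of the functions calling it (one per function)."""
    index: Dict[str, List[str]] = {}
    for e in entries:
        for name in dict.fromkeys(e.api_names()):  # dedupe repeated call sites, keep order
            index.setdefault(name, []).append(e.instruction_fuzzy_hash)
    return index


def entries_calling(entries: List[FunctionEntry], *names: str) -> List[FunctionEntry]:
    """Functions whose API list contains every named API, e.g. GetLastError and SetLastError."""
    wanted = set(names)
    return [e for e in entries if wanted <= set(e.api_names())]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LISTING)
    for entry in parsed:
        print(entry.fields["API ID"], entry.api_names(), entry.instruction_fuzzy_hash)
    print(sorted(index_by_api(parsed)))
```

Run it over the whole exported listing rather than the two sample entries to get one record per recovered function; `index_by_api` then gives the hash set to compare against another sample's report, and `entries_calling` narrows the listing to routines of interest before opening them in the IDA snapshot.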
APIs
• CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0041FF41,80070057,?,?,?,0042035E), ref: 0042002B
• ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0041FF41,80070057,?,?), ref: 00420046
• lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0041FF41,80070057,?,?), ref: 00420054
• CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0041FF41,80070057,?), ref: 00420064
• CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0041FF41,80070057,?,?), ref: 00420070
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: From$Prog$FreeStringTasklstrcmpi
• String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: daa5c3a47a90901e15d978bdedd45611216c27580b54cee4f6c2bcfeb4fa62b4
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e9284e259f2fcbe1b0a264c2dbbeb83fa5ec969deae074a084b97e86d58c28c1
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: daa5c3a47a90901e15d978bdedd45611216c27580b54cee4f6c2bcfeb4fa62b4
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F2018F72700324BFEB105F68FC84BAA7AEDEB44753F144125F905D2222E779DD408BA8
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 0042E997
                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceFrequency.KERNEL32(?), ref: 0042E9A5
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000), ref: 0042E9AD
                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 0042E9B7
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32 ref: 0042E9F3
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2b6b8e9a11d3d9437b00b3dab22bc6d00710193bad68a4b1f0208acc73c37290
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c7dd1e620f507a1f366167603c350ac56fa5f5bfb3644ba881add049f4b7edac
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b6b8e9a11d3d9437b00b3dab22bc6d00710193bad68a4b1f0208acc73c37290
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E018B71D00639DBCF00ABE6E9896DEBB78BB09301F400167E502B2241CB788581CBAA
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00421114
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,00000000,?,?,00420B9B,?,?,?), ref: 00421120
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00420B9B,?,?,?), ref: 0042112F
                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00420B9B,?,?,?), ref: 00421136
                                                                                                                                                                                                                                                                                                                                                      • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0042114D
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: cc13a86baee97c0edc8667929f9180fc69fafe63abe3aa719128640ab77f8b19
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 333d7cbc693fe206e6f158e18e1bc101bb7112e9d762e0a7f7b4c2b36df9f47c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cc13a86baee97c0edc8667929f9180fc69fafe63abe3aa719128640ab77f8b19
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 98016975200315BFDB114FA4EC89A6B3FAEEF893A1B200429FA41D3361EA31DC10CE64
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00420FCA
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00420FD6
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00420FE5
                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00420FEC
                                                                                                                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00421002
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: f5fb7f58e62dda0037474a3006ca9efe627266bdf182737c267e6211f0782183
• Instruction ID: 91638b364035e261986e0b0a9f8e4b1e6f1786e20bbdf378db733483396d3a5a
• Opcode Fuzzy Hash: f5fb7f58e62dda0037474a3006ca9efe627266bdf182737c267e6211f0782183
• Instruction Fuzzy Hash: 5AF0AF35200315AFDB210FA5AC89F5B3BADEF89762F500425F905D62A2CA30DC40CA64
APIs
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0042102A
• GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00421036
• GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00421045
• HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0042104C
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00421062
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: 5c3ac39260f9a4c7556d0bea2783441443e079b734029f6a8ab5e770dc453550
• Instruction ID: 112b0af1934404e99b1806531a09bb79e1207b411940331c44549fcf105fc29e
• Opcode Fuzzy Hash: 5c3ac39260f9a4c7556d0bea2783441443e079b734029f6a8ab5e770dc453550
• Instruction Fuzzy Hash: 65F0C235200315EFDB211FA5EC88F5B3BADEF89762F100425F905D72A1CA30D880CA64
APIs
• CloseHandle.KERNEL32(?,?,?,?,0043017D,?,004332FC,?,00000001,00402592,?), ref: 00430324
• CloseHandle.KERNEL32(?,?,?,?,0043017D,?,004332FC,?,00000001,00402592,?), ref: 00430331
• CloseHandle.KERNEL32(?,?,?,?,0043017D,?,004332FC,?,00000001,00402592,?), ref: 0043033E
• CloseHandle.KERNEL32(?,?,?,?,0043017D,?,004332FC,?,00000001,00402592,?), ref: 0043034B
• CloseHandle.KERNEL32(?,?,?,?,0043017D,?,004332FC,?,00000001,00402592,?), ref: 00430358
• CloseHandle.KERNEL32(?,?,?,?,0043017D,?,004332FC,?,00000001,00402592,?), ref: 00430365
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
• Opcode ID: fdbedd68a512982f90b9148781f23079a8762764cf4d30d2922d552f668fb1e4
• Instruction ID: 07fdb5c93691d2fbabc12141b00afcdfd8548844f425956ab26ea3a9709bea85
• Opcode Fuzzy Hash: fdbedd68a512982f90b9148781f23079a8762764cf4d30d2922d552f668fb1e4
• Instruction Fuzzy Hash: A001D872800B058FCB30AF66D8A0813FBF9BF602053149A3FD19252A31C3B4A988CE84
APIs
• _free.LIBCMT ref: 003FD752
  • Part of subcall function 003F29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,003FD7D1,00000000,00000000,00000000,00000000,?,003FD7F8,00000000,00000007,00000000,?,003FDBF5,00000000), ref: 003F29DE
  • Part of subcall function 003F29C8: GetLastError.KERNEL32(00000000,?,003FD7D1,00000000,00000000,00000000,00000000,?,003FD7F8,00000000,00000007,00000000,?,003FDBF5,00000000,00000000), ref: 003F29F0
• _free.LIBCMT ref: 003FD764
• _free.LIBCMT ref: 003FD776
• _free.LIBCMT ref: 003FD788
• _free.LIBCMT ref: 003FD79A
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 1c99990ab2124b186b01b9b01f4837167bc4e7470f95e6e6030b3f28902c0afd
• Instruction ID: c477b5ace397bfd2bfb7cb0ed4b8b0062afa9cf774555f1e221aa202ab5d5c82
• Opcode Fuzzy Hash: 1c99990ab2124b186b01b9b01f4837167bc4e7470f95e6e6030b3f28902c0afd
• Instruction Fuzzy Hash: C3F03C7258020DAB8622FB64F9C9C2B77DEBB053107A50C19F648EB511C730FC808674
APIs
• GetDlgItem.USER32(?,000003E9), ref: 00425C58
• GetWindowTextW.USER32(00000000,?,00000100), ref: 00425C6F
• MessageBeep.USER32(00000000), ref: 00425C87
• KillTimer.USER32(?,0000040A), ref: 00425CA3
• EndDialog.USER32(?,00000001), ref: 00425CBD
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2b7c82f6691d096926ed17cecae52ca96314d3b3ae0b137f45620092b13ae085
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6e595a28571501efdf656b007ad757360c4ac7ab0cbb037c444693b28005dfc6
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b7c82f6691d096926ed17cecae52ca96314d3b3ae0b137f45620092b13ae085
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 47018B306007149FFB215B11ED8EF9677B8BF04706F40056AA543A14E1E7F4AA448B59
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 003F22BE
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003F29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,003FD7D1,00000000,00000000,00000000,00000000,?,003FD7F8,00000000,00000007,00000000,?,003FDBF5,00000000), ref: 003F29DE
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003F29C8: GetLastError.KERNEL32(00000000,?,003FD7D1,00000000,00000000,00000000,00000000,?,003FD7F8,00000000,00000007,00000000,?,003FDBF5,00000000,00000000), ref: 003F29F0
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 003F22D0
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 003F22E3
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 003F22F4
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 003F2305
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c4d8328379a6cf27ddc281f8d3b67dd07115271d29ac917fe944c3203659011b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: db97cd83884bc77e516218c18ada563f159f4a7aacb542a3e3079225898f6f2d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4d8328379a6cf27ddc281f8d3b67dd07115271d29ac917fe944c3203659011b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CEF03A71880126DB8613BF54BC4582E3B64BB29761701097BF514EB2B5C7B10921ABAC
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • EndPath.GDI32(?), ref: 003D95D4
                                                                                                                                                                                                                                                                                                                                                      • StrokeAndFillPath.GDI32(?,?,004171F7,00000000,?,?,?), ref: 003D95F0
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 003D9603
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32 ref: 003D9616
                                                                                                                                                                                                                                                                                                                                                      • StrokePath.GDI32(?), ref: 003D9631
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2625713937-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 65af5971788ebe4f0b681241750e715b26e343aa50427f54fa7d3d89ab32f3d3
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0b561a70530054bc2b529407d870676b493fd10dc1797f2026f2ba471131f4bf
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 65af5971788ebe4f0b681241750e715b26e343aa50427f54fa7d3d89ab32f3d3
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 80F0147200670AEFDB235F69ED58B683B65AB213A2F048236F425591F1C7358A91DF28
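The per-function records above follow a fixed layout (an APIs list, the memory dump the function was lifted from, and the Similarity block with its Opcode ID and fuzzy hashes). When triaging many of these it helps to have them as structured data so you can pivot on an Opcode ID across reports or list every function that reaches a given API through a subcall. The parser below is an added example, not Joe Sandbox code; it reads the report text as rendered on this page, and the embedded sample is constructed from the first two records above (with the Associated list and the repeated _free calls trimmed).

```python
"""Parse Joe Sandbox per-function summary records (the "APIs / Memory Dump Source /
Similarity" blocks) into structured data so Opcode IDs and API usage can be pivoted on."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# "• GetDlgItem.USER32(?,000003E9), ref: 00425C58" or "• _free.LIBCMT ref: 003F22BE",
# optionally prefixed with "Part of subcall function XXXX: "
API_LINE = re.compile(
    r"^•\s+(?:Part of subcall function ([0-9A-Fa-f]+):\s+)?"
    r"(\w+)\.(\w+)(?:\(([^)]*)\))?,?\s+ref:\s+([0-9A-Fa-f]+)\s*$")
KV_LINE = re.compile(r"^•\s+([A-Za-z ]+?):\s*(.*)$")           # "• Key: value"
SOURCE_LINE = re.compile(r"^(\S+),\s+Offset:\s+([0-9A-Fa-f]+),\s+based on PE:\s+(true|false)$")
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


@dataclass
class ApiCall:
    name: str                      # e.g. "GetDlgItem"
    module: str                    # e.g. "USER32", "LIBCMT"
    args: list[str]                # argument tokens as printed; "?" means unresolved
    ref: str                       # call-site address
    subcall_of: str | None = None  # set for "Part of subcall function" lines


@dataclass
class FunctionRecord:
    apis: list[ApiCall] = field(default_factory=list)
    source_file: str = ""
    offset: str = ""
    based_on_pe: bool = False
    associated: list[str] = field(default_factory=list)
    snapshot_file: str = ""
    similarity: dict[str, str] = field(default_factory=dict)  # API ID, Opcode ID, fuzzy hashes


def parse_records(text: str) -> list[FunctionRecord]:
    records: list[FunctionRecord] = []
    rec, section = None, None
    for raw in text.splitlines():
        line = raw.strip()                 # the rendered page carries heavy indentation
        if not line:
            continue
        if line == "APIs":                 # every record opens with its APIs header
            rec = FunctionRecord()
            records.append(rec)
            section = line
            continue
        if line in SECTIONS:
            section = line
            continue
        if rec is None:                    # tail of a record cut off before the first header
            continue
        if section == "APIs":
            m = API_LINE.match(line)
            if m:
                sub, name, mod, args, ref = m.groups()
                rec.apis.append(ApiCall(name, mod.upper(),
                                        [a for a in (args or "").split(",") if a],
                                        ref.upper(), sub.upper() if sub else None))
            continue
        m = KV_LINE.match(line)
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if section == "Memory Dump Source" and key == "Source File":
            sm = SOURCE_LINE.match(val)
            if sm:
                rec.source_file, rec.offset = sm.group(1), sm.group(2).upper()
                rec.based_on_pe = sm.group(3) == "true"
        elif section == "Memory Dump Source" and key == "Associated":
            rec.associated.append(val.removesuffix("Download File").strip())  # drop link residue
        elif section == "Joe Sandbox IDA Plugin" and key == "Snapshot File":
            rec.snapshot_file = val
        elif section == "Similarity":
            rec.similarity[key] = val
    return records


def functions_calling(records: list[FunctionRecord], api: str) -> list[str]:
    """Opcode IDs of every record that calls `api` directly or via a listed subcall."""
    return [r.similarity.get("Opcode ID", "") for r in records
            if any(c.name == api for c in r.apis)]


# Constructed sample: the first two records from the report above, trimmed.
SAMPLE = """\
APIs
• GetDlgItem.USER32(?,000003E9), ref: 00425C58
• GetWindowTextW.USER32(00000000,?,00000100), ref: 00425C6F
• EndDialog.USER32(?,00000001), ref: 00425CBD
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: 2b7c82f6691d096926ed17cecae52ca96314d3b3ae0b137f45620092b13ae085
APIs
• _free.LIBCMT ref: 003F22BE
  • Part of subcall function 003F29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,003FD7D1,00000000,00000000,00000000,00000000,?,003FD7F8,00000000,00000007,00000000,?,003FDBF5,00000000), ref: 003F29DE
• _free.LIBCMT ref: 003F22D0
Similarity
• API ID: _free$ErrorFreeHeapLast
• Opcode ID: c4d8328379a6cf27ddc281f8d3b67dd07115271d29ac917fe944c3203659011b
"""

if __name__ == "__main__":
    for r in parse_records(SAMPLE):
        print(r.similarity.get("Opcode ID", "")[:16], [f"{c.module}!{c.name}" for c in r.apis])
```

The Opcode ID is the value worth keying on: it is a hash of the function's opcodes, so the same ID turning up in another report's records indicates shared code (here, the AutoIt runtime and CRT functions seen above) rather than anything specific to this sample.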
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: __freea$_free
• String ID: a/p$am/pm
• API String ID: 3432400110-3206640213
APIs
  • Part of subcall function 003E0242: EnterCriticalSection.KERNEL32(0049070C,00491884,?,?,003D198B,00492518,?,?,?,003C12F9,00000000), ref: 003E024D
  • Part of subcall function 003E0242: LeaveCriticalSection.KERNEL32(0049070C,?,003D198B,00492518,?,?,?,003C12F9,00000000), ref: 003E028A
  • Part of subcall function 003E00A3: __onexit.LIBCMT ref: 003E00A9
• __Init_thread_footer.LIBCMT ref: 00446238
  • Part of subcall function 003E01F8: EnterCriticalSection.KERNEL32(0049070C,?,?,003D8747,00492514), ref: 003E0202
  • Part of subcall function 003E01F8: LeaveCriticalSection.KERNEL32(0049070C,?,003D8747,00492514), ref: 003E0235
  • Part of subcall function 0043359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 004335E4
  • Part of subcall function 0043359C: LoadStringW.USER32(00492390,?,00000FFF,?), ref: 0043360A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
• String ID: x#I$x#I$x#I
• API String ID: 1072379062-1262894913
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
Similarity
• API ID:
• String ID: JO<
• API String ID: 0-3670212169
APIs
• MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 003F8B6E
• GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 003F8B7A
• __dosmaperr.LIBCMT ref: 003F8B81
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
Similarity
• API ID: ByteCharErrorLastMultiWide__dosmaperr
• String ID: .>
• API String ID: 2434981716-1757889381
APIs
  • Part of subcall function 0042B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,004221D0,?,?,00000034,00000800,?,00000034), ref: 0042B42D
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00422760
  • Part of subcall function 0042B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,004221FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0042B3F8
  • Part of subcall function 0042B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0042B355
  • Part of subcall function 0042B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00422194,00000034,?,?,00001004,00000000,00000000), ref: 0042B365
  • Part of subcall function 0042B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00422194,00000034,?,?,00001004,00000000,00000000), ref: 0042B37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 004227CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0042281A
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e3ec30aab04c85c718a6c3bf184c1aada9c820cf15491bc90d0cfe1e08ae3df0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e03d69a585777ff96aca98e6f43215e17b16e5ee86bc9004bd2604fde8b1fe8d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e3ec30aab04c85c718a6c3bf184c1aada9c820cf15491bc90d0cfe1e08ae3df0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A413E72A00228BFDB11DFA4DD81ADEBBB8EF05304F00405AFA55B7181DB74AE45CBA4
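The API set in the record above (GetWindowThreadProcessId, OpenProcess, VirtualAllocEx, WriteProcessMemory, SendMessageW, ReadProcessMemory) is the standard way to send a common-control message whose lParam is a pointer to a window owned by another process: the struct has to live in the target's address space, so the caller allocates there, writes it, sends the message, and reads the result back. Automation runtimes such as AutoIt implement their ControlTreeView/ControlListView helpers this way, and UI-scraping tools reuse it. The following is an added triage helper, not Joe Sandbox output and not code from the sample: it parses the report's "APIs" bullet format, decodes the OpenProcess access mask (0x438) and the SendMessageW message numbers (0x1104 = TVM_GETITEMRECT, 0x1111 = TVM_HITTEST; the 0x1073 and 0x1004 values visible in the call stacks are LVM_GETITEMTEXTW and LVM_GETITEMCOUNT), and flags the combination. The input below is copied from this record; the ApiCall shape, the function names and the detection rule are the example's own assumptions, and the listing is treated as a set of co-occurring calls rather than an execution trace, since "Part of subcall function" bullets are callee APIs, not ordered events.

```python
import re
from dataclasses import dataclass

# Joe Sandbox "APIs" bullet format, e.g.
#   "• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00422760"
# Nested "Part of subcall function ..." bullets are APIs reached via a callee.
_API_RE = re.compile(
    r"(?P<sub>Part of subcall function [0-9A-Fa-f]+: )?"
    r"(?P<name>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\), ref: (?P<ref>[0-9A-Fa-f]+)"
)


@dataclass
class ApiCall:                # hypothetical record type for this example
    name: str
    module: str
    args: list                # int for hex literals, None for "?" (unresolved)
    ref: int                  # call-site address
    subcall: bool             # True when listed under "Part of subcall function"


def parse_api_line(line):
    """Parse one APIs bullet; returns None for non-API lines (headers, hashes)."""
    m = _API_RE.search(line)
    if not m:
        return None
    raw = [a.strip() for a in m["args"].split(",")] if m["args"].strip() else []
    args = [int(a, 16) if re.fullmatch(r"[0-9A-Fa-f]+", a) else None for a in raw]
    return ApiCall(m["name"], m["module"], args, int(m["ref"], 16), m["sub"] is not None)


TV_FIRST, LVM_FIRST = 0x1100, 0x1000
# message number -> (name, lParam is a pointer into the receiving process)
WINDOW_MESSAGES = {
    TV_FIRST + 4:    ("TVM_GETITEMRECT",  True),   # lParam -> RECT (HTREEITEM on input)
    TV_FIRST + 17:   ("TVM_HITTEST",      True),   # lParam -> TVHITTESTINFO
    LVM_FIRST + 4:   ("LVM_GETITEMCOUNT", False),
    LVM_FIRST + 115: ("LVM_GETITEMTEXTW", True),   # lParam -> LVITEMW
}
PROCESS_RIGHTS = {
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0400: "PROCESS_QUERY_INFORMATION",
}
CROSS_PROCESS_RW = 0x0008 | 0x0010 | 0x0020


def decode_access_mask(mask):
    """Name the known bits of an OpenProcess dwDesiredAccess; unknown bits stay hex."""
    names = [n for bit, n in PROCESS_RIGHTS.items() if mask & bit]
    rest = mask & ~sum(PROCESS_RIGHTS)
    if rest:
        names.append(hex(rest))
    return names


def decode_message(msg):
    return WINDOW_MESSAGES.get(msg, (hex(msg), False))


def find_cross_process_control_read(calls):
    """Return details when the record shows the allocate/write/SendMessage/read
    pattern against a foreign process, else None. Co-occurrence only: the
    listing is not an execution trace."""
    names = {c.name for c in calls}
    needed = {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
              "ReadProcessMemory", "SendMessageW"}
    if not needed <= names:
        return None
    opens = [c for c in calls
             if c.name == "OpenProcess" and c.args and c.args[0] is not None]
    if not any(c.args[0] & CROSS_PROCESS_RW == CROSS_PROCESS_RW for c in opens):
        return None
    ptr_msgs = set()
    for c in calls:
        if c.name == "SendMessageW" and len(c.args) > 1 and c.args[1] is not None:
            name, takes_ptr = decode_message(c.args[1])
            if takes_ptr:
                ptr_msgs.add(name)
    if not ptr_msgs:
        return None
    return {"access": decode_access_mask(opens[0].args[0]),
            "messages": sorted(ptr_msgs)}


# Input copied from the function record above (constructed test input).
SAMPLE = """\
• Part of subcall function 0042B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,004221D0,?,?,00000034,00000800,?,00000034), ref: 0042B42D
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00422760
• Part of subcall function 0042B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,004221FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0042B3F8
• Part of subcall function 0042B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0042B355
• Part of subcall function 0042B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00422194,00000034,?,?,00001004,00000000,00000000), ref: 0042B365
• Part of subcall function 0042B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00422194,00000034,?,?,00001004,00000000,00000000), ref: 0042B37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 004227CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0042281A
"""


def analyse(text):
    calls = [c for c in (parse_api_line(l) for l in text.splitlines()) if c]
    return calls, find_cross_process_control_read(calls)


if __name__ == "__main__":
    calls, hit = analyse(SAMPLE)
    print(len(calls), "API calls;", "pattern:", hit)
```

The rule keys on the access mask rather than on OpenProcess alone: PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE together with a pointer-carrying control message is what separates this from ordinary window automation, which needs neither VirtualAllocEx nor a foreign-process handle.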
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\fNlxQP0jBz.exe,00000104), ref: 003F1769
• _free.LIBCMT ref: 003F1834
• _free.LIBCMT ref: 003F183E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\fNlxQP0jBz.exe
• API String ID: 2506810119-1275097622
• Opcode ID: 74061937a1097e1c33bab9fe06e97ec708355db0b9da627cecc31395aa859ed9
• Instruction ID: 7c64a58c494eea9f9788fbc1f1c834bb8d09ec5816e6d3e7865b5139f063f84b
• Opcode Fuzzy Hash: 74061937a1097e1c33bab9fe06e97ec708355db0b9da627cecc31395aa859ed9
• Instruction Fuzzy Hash: A7319371A4021CEFCB22EB99A985DAEBBBCEB95350F1041B6E6049B211D7B04A44CB90
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0042C306
• DeleteMenu.USER32(?,00000007,00000000), ref: 0042C34C
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00491990,01535B40), ref: 0042C395
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
• Opcode ID: feead95433365523c8d96f3776b3f673bcc4f49e7542c57068bd426530db2ded
• Instruction ID: 552860444ed9649ebd5aa6855af7e6ce0c605ca456dac255a6d4c8ae5ef3f3bb
• Opcode Fuzzy Hash: feead95433365523c8d96f3776b3f673bcc4f49e7542c57068bd426530db2ded
• Instruction Fuzzy Hash: 8141BF312043519FD720DF25E884B5FBBE4AF85314F408A5EF8A5972D1D774E904CB5A
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0045CC08,00000000,?,?,?,?), ref: 004544AA
• GetWindowLongW.USER32 ref: 004544C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 004544D7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f451008a3ff3f963c3232b28a73ec55586b74d0d656912ee0bdd161ab01adb66
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 41fb6865aabe79a9287f82f045c64a08580738c2b666bfef4f8ec1218f70dc20
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f451008a3ff3f963c3232b28a73ec55586b74d0d656912ee0bdd161ab01adb66
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F131DE31240209AFDF218E38DC45BDB37A9EB49329F204326FD35A62D2D734EC949754
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SysReAllocString.OLEAUT32(?,?), ref: 00426EED
                                                                                                                                                                                                                                                                                                                                                      • VariantCopyInd.OLEAUT32(?,?), ref: 00426F08
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00426F12
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$AllocClearCopyString
                                                                                                                                                                                                                                                                                                                                                      • String ID: *jB
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2173805711-3445340597
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c8661fc62a22179146ab4968f4b0cfe89f8a0fbec9e980c0851d52c1a22c03cb
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 32bb2e0abfb745b4d34e089373926fdd72318d8f86d978c4e24f0ce3870d4584
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c8661fc62a22179146ab4968f4b0cfe89f8a0fbec9e980c0851d52c1a22c03cb
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC31AF72704215DFCF05AF64E9919BE7775EF45300F5204AAF8068B3A1CB389D12DB99
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0044335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00443077,?,?), ref: 00443378
                                                                                                                                                                                                                                                                                                                                                      • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0044307A
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0044309B
                                                                                                                                                                                                                                                                                                                                                      • htons.WSOCK32(00000000,?,?,00000000), ref: 00443106
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                                                                                      • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 601a784b45014084af8ba6465c531faa635808df3113e20af10278f5844fa27e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 221736b230c5e124346a6d7a5c28fb17a75c7d30f4625bfc6dd1fa99ecec7779
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 601a784b45014084af8ba6465c531faa635808df3113e20af10278f5844fa27e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AC310735200201DFEB10CF28C485E6A77E0EF14719F24819AE9158F393DB39EE41C765
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00454705
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00454713
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0045471A
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: fdf83c38ac0ba9f3d7924d6beb1f68742898454a2021a4cb3e3813f71fe445eb
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7e710f076a51dfadb1e08aea62fc677b5c1d72d9aeddc856a3c79bd9480a9cec
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fdf83c38ac0ba9f3d7924d6beb1f68742898454a2021a4cb3e3813f71fe445eb
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CF2192B5600209AFDB11DF64DCC1DAB37ADEB9A359B00045AFA009B3A2CB34EC55CB64
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: _wcslen
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 176396367-2734436370
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00453840
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00453850
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00453876
Strings
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00434A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00434A5C
• SetErrorMode.KERNEL32(00000000,?,?,0045CC08), ref: 00434AD0
Strings
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0045424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00454264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00454271
Strings
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 883fbbb1794021b55b526210394949e0e5bf2a5387535643b6dd322db5557e2d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 010509201e510ea1d41381d538abaffe33b78487da069cb5c4728bc3e351223b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 883fbbb1794021b55b526210394949e0e5bf2a5387535643b6dd322db5557e2d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4112331240208BEEF205E29CC06FAB3BACEFC5B69F110129FA41E61A1C275DC519B28
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C6B57: _wcslen.LIBCMT ref: 003C6B6A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00422DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00422DC5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00422DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00422DD6
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00422DA7: GetCurrentThreadId.KERNEL32 ref: 00422DDD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00422DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00422DE4
                                                                                                                                                                                                                                                                                                                                                      • GetFocus.USER32 ref: 00422F78
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00422DEE: GetParent.USER32(00000000), ref: 00422DF9
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 00422FC3
                                                                                                                                                                                                                                                                                                                                                      • EnumChildWindows.USER32(?,0042303B), ref: 00422FEB
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: %s%d
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b511811970cf5b9b5452d41b75c4872a6f393a8eac33d6aed6d01a860cc7276e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 410a772ed6c43d98f81bd6a9014ef1b121b0ad8e0e31554f9b2752ec833dbb7c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b511811970cf5b9b5452d41b75c4872a6f393a8eac33d6aed6d01a860cc7276e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD11D2713002156BCF01BF71ACD6FEE37AAAF84305F44407AB9099B252DE789E498B74
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 004558C1
                                                                                                                                                                                                                                                                                                                                                      • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 004558EE
                                                                                                                                                                                                                                                                                                                                                      • DrawMenuBar.USER32(?), ref: 004558FD
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 00c1a70a94da6b5cc5845540e0a7edba89ab9531f29a57c74f5a522d558118c4
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: dd5b92139ca64712db794edd8a087a53c3870fde3a36157020ed24cec943c5c3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 00c1a70a94da6b5cc5845540e0a7edba89ab9531f29a57c74f5a522d558118c4
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 31018871500218EFDB119F51DC44BAFBBB4FF45362F1080A6E849D6252DB348A98DF65
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f24c099ba001d8d1cf9d950262748ea1de22c4d092e00961d9936fbbb143a52e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5fb32ca9f2d80a8d889a2990fc6f1008236225ccdcf488ccacc62e784bdad601
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f24c099ba001d8d1cf9d950262748ea1de22c4d092e00961d9936fbbb143a52e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 68C16C75A0021AEFDB14CF94D894AAEB7F5FF48304F50859AE805EB252C735ED42CB94
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1998397398-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0d505a16372d25d133cd6c8c945646953b48ee4033570227b3e407a1e182d34c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 21a62102ccffa59cfaa7e7ebfdcca7d57651ed37d88c87ff0617221b1794d878
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d505a16372d25d133cd6c8c945646953b48ee4033570227b3e407a1e182d34c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8AA137752043009FD711DF28C485A2AB7E5EF89715F04885EF98A9B362DB35EE01CB56
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0045FC08,?), ref: 004205F0
                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0045FC08,?), ref: 00420608
                                                                                                                                                                                                                                                                                                                                                      • CLSIDFromProgID.OLE32(?,?,00000000,0045CC40,000000FF,?,00000000,00000800,00000000,?,0045FC08,?), ref: 0042062D
                                                                                                                                                                                                                                                                                                                                                      • _memcmp.LIBVCRUNTIME ref: 0042064E
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 314563124-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f04e90774c1ffb22c0855fde1e03ff187484e560763c6acaea4e7564e1fa7fc4
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 83de4c93d66bdc98d3623874c61c42a937d2d86f80262de47dcbbbfb3d309dda
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f04e90774c1ffb22c0855fde1e03ff187484e560763c6acaea4e7564e1fa7fc4
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 24815A71A00219EFCB04DF94C988EEEB7F9FF89305F204159E506AB251DB75AE06CB64
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 0044A6AC
                                                                                                                                                                                                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 0044A6BA
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003C9CB3: _wcslen.LIBCMT ref: 003C9CBD
                                                                                                                                                                                                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 0044A79C
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0044A7AB
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003DCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00403303,?), ref: 003DCE8A
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ccfe58e4f1be070f5997a9ee0ef9b45f9846cf0856c97a9c1f7ee63634fe9de1
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 83e8e81ee010049823c55cda160e106ec2216212cbe6ed590d74ae50603c95ec
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ccfe58e4f1be070f5997a9ee0ef9b45f9846cf0856c97a9c1f7ee63634fe9de1
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 66512771508300AFD311EF24D886E6BBBE8EF89754F00892EF585DB252EB30D904CB96
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: db2d8d0cb2c61d4dadbff14974d7f24c07e7be83c11d6ca44093c933816af8c6
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 802091c233496a818cd2dd5639daa15f6ccfb87e7cd3fd4f1ab82b33d765f0db
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: db2d8d0cb2c61d4dadbff14974d7f24c07e7be83c11d6ca44093c933816af8c6
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F413E35500554AFDB226BBA8C45ABF3AA4EF41330F140737F918EB2F1E77848415366
APIs
• GetWindowRect.USER32(?,?), ref: 004562E2
• ScreenToClient.USER32(?,?), ref: 00456315
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00456382
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
• Opcode ID: 33e0893ed1da8653f896044ae1b6327234f87639c1e2ba433c5decf8a46adf01
• Instruction ID: 0470509709105e80db55744160ccc9e7fe4ca929847f114d95544c70da655794
• Opcode Fuzzy Hash: 33e0893ed1da8653f896044ae1b6327234f87639c1e2ba433c5decf8a46adf01
• Instruction Fuzzy Hash: 91514A70A00209EFCF10DF68D880AAE7BB5EB55361F51816AFC159B3A2D734ED85CB54
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 00441AFD
• WSAGetLastError.WSOCK32 ref: 00441B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00441B8A
• WSAGetLastError.WSOCK32 ref: 00441B94
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ErrorLast$socket
• String ID:
• API String ID: 1881357543-0
• Opcode ID: db7e90ec50a247167cfa96c5f51716d1d034d303791a00c869b1d2fd4db17ba9
• Instruction ID: e1ad154dc21ed5e89e5ea64f3e8e6c25fe766211cc261069fd9b61d1afe8cf00
• Opcode Fuzzy Hash: db7e90ec50a247167cfa96c5f51716d1d034d303791a00c869b1d2fd4db17ba9
• Instruction Fuzzy Hash: 1A419E35600200AFE721AF24C886F2A77E5EB44718F54845DF91A9F7D2D676ED828B90
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0d55fdfb3f6a4e4cd516ac10e985633f9da56fc716094946555a31253aaa2931
• Instruction ID: a89b17c3db02387db0591336ba8cc56a9f9dc22b84a526dd17dd7e01aee37384
• Opcode Fuzzy Hash: 0d55fdfb3f6a4e4cd516ac10e985633f9da56fc716094946555a31253aaa2931
• Instruction Fuzzy Hash: EF4117B5A00708AFD726AF39CC41B7ABBE9EF84710F10452EF205DB692D375A9018B80
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00435783
• GetLastError.KERNEL32(?,00000000), ref: 004357A9
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 004357CE
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 004357FA
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
• Opcode ID: ae830f178a4ca012901a45269eeb89bbc17b12c04357694c6755cf5af154db49
• Instruction ID: 16747611f264ea159f04d6eeaec351195ade56a1bf10ec855d5608826b79fb8f
• Opcode Fuzzy Hash: ae830f178a4ca012901a45269eeb89bbc17b12c04357694c6755cf5af154db49
• Instruction Fuzzy Hash: A9411639600610DFCB11EF15C485A1ABBE2AF89720F188499EC5AAF362CB35FD01DF95
APIs
• MultiByteToWideChar.KERNEL32(?,00000000,?,003E6D71,00000000,00000000,003E82D9,?,003E82D9,?,00000001,003E6D71,?,00000001,003E82D9,003E82D9), ref: 003FD910
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 003FD999
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 003FD9AB
• __freea.LIBCMT ref: 003FD9B4
  • Part of subcall function 003F3820: RtlAllocateHeap.NTDLL(00000000,?,00491444,?,003DFDF5,?,?,003CA976,00000010,00491440,003C13FC,?,003C13C6,?,003C1129), ref: 003F3852
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
• Opcode ID: 8c8e2627b513eb6781d46dca89cd864139daeaa77ef672cc3e064879e8d03ada
• Instruction ID: c148f5482f45cc2efa1d8976cbcf908bb1c002435d69431c18c0218a3044277f
• Instruction Fuzzy Hash: 0231B272A0021AABDF269FA5DC89EBF7BA6EB41310F054168FD04DB291E775CD50CB90
APIs
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00455352
• GetWindowLongW.USER32(?,000000F0), ref: 00455375
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00455382
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 004553A8
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
Similarity
• API ID: LongWindow$InvalidateMessageRectSend
• String ID:
• API String ID: 3340791633-0
• Opcode ID: af566bbf24f4ca0456e5d0012349c350d498bd375545967d25f56a33eec9ff2b
• Instruction ID: 8b2309c25f0d2d63a8a9397b45c3ae60bcf9c25fde5aa30bafc6144578849fc1
• Instruction Fuzzy Hash: A731D430A55A08EFEB309F14CC65BFA3761AB04392F584013FE19962E3C7B89D48D74A
APIs
• GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 0042ABF1
• SetKeyboardState.USER32(00000080,?,00008000), ref: 0042AC0D
• PostMessageW.USER32(00000000,00000101,00000000), ref: 0042AC74
• SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 0042ACC6
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: 22fc09c245d1b1bfb2a72395ee6276d89553a81b79eb5ad22bb9f7768a92990e
• Instruction ID: 2f60cc9884a377df12952b55a90266f96ffaa53fedf1c74dbf6025eb0cfe2917
• Instruction Fuzzy Hash: D5310930B00328AFFB24CA66EC087FB7665AF85310F84425BE881522D1C37C89A5875A
APIs
• ClientToScreen.USER32(?,?), ref: 0045769A
• GetWindowRect.USER32(?,?), ref: 00457710
• PtInRect.USER32(?,?,00458B89), ref: 00457720
• MessageBeep.USER32(00000000), ref: 0045778C
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
• API String ID: 1352109105-0
APIs
• GetForegroundWindow.USER32 ref: 004516EB
  • Part of subcall function 00423A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00423A57
  • Part of subcall function 00423A3D: GetCurrentThreadId.KERNEL32 ref: 00423A5E
  • Part of subcall function 00423A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,004225B3), ref: 00423A65
• GetCaretPos.USER32(?), ref: 004516FF
• ClientToScreen.USER32(00000000,?), ref: 0045174C
• GetForegroundWindow.USER32 ref: 00451752
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
APIs
  • Part of subcall function 003D9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 003D9BB2
• GetCursorPos.USER32(?), ref: 00459001
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00417711,?,?,?,?,?), ref: 00459016
• GetCursorPos.USER32(?), ref: 0045905E
• DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00417711,?,?,?), ref: 00459094
Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID:
• API String ID: 2864067406-0
APIs
• GetFileAttributesW.KERNEL32(?,0045CB68), ref: 0042D2FB
• GetLastError.KERNEL32 ref: 0042D30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 0042D319
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0045CB68), ref: 0042D376
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0490c51eb22206d6bf968cba44f6deeb47130e3f3b657fd01532811cbbcc6234
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8d81d8094d4a4b3cb38d06f257986cb975f8481cdf2019e33bb1b9dc7dcb0d0c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0490c51eb22206d6bf968cba44f6deeb47130e3f3b657fd01532811cbbcc6234
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB21A370A083119F8300DF24D8859AF77E4EE56324F504A6EF899C72A2DB35DD46CB9B
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00421014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0042102A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00421014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00421036
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00421014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00421045
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00421014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0042104C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00421014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00421062
                                                                                                                                                                                                                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 004215BE
                                                                                                                                                                                                                                                                                                                                                      • _memcmp.LIBVCRUNTIME ref: 004215E1
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00421617
                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 0042161E
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1592001646-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d534c6ae85f263945180d810304239004162fdf016d3fc0acc49b25883efd2fd
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: dbfb357edd7360930a0a89ea99ac1f40e4161f460f664c9c641358a27a2c68b7
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d534c6ae85f263945180d810304239004162fdf016d3fc0acc49b25883efd2fd
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E2219A31E00218EFDF00DFA4D944BEEB7B8EF50345F48445AE401AB351E734AA44CBA4
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 0045280A
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00452824
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00452832
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00452840
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
• Opcode ID: 15f4eb9d10f83389d0324f416b211bc619918442c74e29b42295e62822e98759
• Instruction ID: 33bcc47307e01d7927be1ab76fd3c87d30f4162a929a8308c1791477aea1d8c2
• Opcode Fuzzy Hash: 15f4eb9d10f83389d0324f416b211bc619918442c74e29b42295e62822e98759
• Instruction Fuzzy Hash: 0E210231204210AFD710DB24C980F6AB795AF46325F14821EF8268B293C7B5EC46C794
APIs
  • Part of subcall function 00428D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0042790A,?,000000FF,?,00428754,00000000,?,0000001C,?,?), ref: 00428D8C
  • Part of subcall function 00428D7D: lstrcpyW.KERNEL32(00000000,?,?,0042790A,?,000000FF,?,00428754,00000000,?,0000001C,?,?,00000000), ref: 00428DB2
  • Part of subcall function 00428D7D: lstrcmpiW.KERNEL32(00000000,?,0042790A,?,000000FF,?,00428754,00000000,?,0000001C,?,?), ref: 00428DE3
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00428754,00000000,?,0000001C,?,?,00000000), ref: 00427923
• lstrcpyW.KERNEL32(00000000,?,?,00428754,00000000,?,0000001C,?,?,00000000), ref: 00427949
• lstrcmpiW.KERNEL32(00000002,cdecl,?,00428754,00000000,?,0000001C,?,?,00000000), ref: 00427984
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: lstrcmpilstrcpylstrlen
• String ID: cdecl
• API String ID: 4031866154-3896280584
• Opcode ID: a677c4414214b4cbdd21c6446a9033f0405b999976e809e09b9072609f7444d2
• Instruction ID: 0d234d36f1f11803f7b12c560869d844f48a422de3a9363f10f4a1fc82309e2f
• Opcode Fuzzy Hash: a677c4414214b4cbdd21c6446a9033f0405b999976e809e09b9072609f7444d2
• Instruction Fuzzy Hash: 5D11247A300311AFDB119F34E844E7B73A5EF45350B80402BE802CB3A5EB35D841C759
APIs
• SendMessageW.USER32(?,00001060,?,00000004), ref: 004556BB
• _wcslen.LIBCMT ref: 004556CD
• _wcslen.LIBCMT ref: 004556D8
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00455816
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3bd9d56c7a51a95a7251e443b242d54d4e8d7049e9b5e5bb67e198a8c5adbfb3
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5c6e245c546b80720d333cbab28bd1e5bca4b72a7f12c6a2260510a9b2b23fb8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3bd9d56c7a51a95a7251e443b242d54d4e8d7049e9b5e5bb67e198a8c5adbfb3
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7A11DF7160061896DB20EBA18C81AFF37BCEF11362B104127FD0596183E778CA88CB68
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 00421A47
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00421A59
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00421A6F
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00421A8A
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 76acd007fe679b81027fd9ae7afd738cac71ec0e016128d5c8774c9620d7b54d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c3ac2bdbefc1dbcae88dc9c28446b31d9772855f82c9057b3876509db2926cda
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 76acd007fe679b81027fd9ae7afd738cac71ec0e016128d5c8774c9620d7b54d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CD113035E01229FFDB10DBA5CD85F9DBB78FB14750F200092E500B7290D6716E51DB98
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0042E1FD
                                                                                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(?,?,?,?), ref: 0042E230
                                                                                                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0042E246
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0042E24D
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2880819207-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 415ee7377d52230be8c983057282ff93de057e9b92090be52fb7454dc8284f64
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bfbe2293bd044bd229e8cb96d6e0669500698c16bd44611c2a583a1c8f62874f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 415ee7377d52230be8c983057282ff93de057e9b92090be52fb7454dc8284f64
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2B114872A04325FFD7119BA8AC05A9F3FACEB45310F104276F825E3291C274CD008BB4
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,?,003ECFF9,00000000,00000004,00000000), ref: 003ED218
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 003ED224
                                                                                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 003ED22B
                                                                                                                                                                                                                                                                                                                                                      • ResumeThread.KERNEL32(00000000), ref: 003ED249
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
• Opcode ID: 2138f94fd932917b1c89add51a46df76f06195b85602198582ced62b50fb5dda
• Instruction ID: fe07217591752779b16a54d43eab9d22a19ec6c8a094426fd38f108a23dc6bda
• Opcode Fuzzy Hash: 2138f94fd932917b1c89add51a46df76f06195b85602198582ced62b50fb5dda
• Instruction Fuzzy Hash: 84012636805268BFC7125BA7DC05BAE3A6DDF81331F100328FA24960D0CB70C801C7A0
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 003C604C
• GetStockObject.GDI32(00000011), ref: 003C6060
• SendMessageW.USER32(00000000,00000030,00000000), ref: 003C606A
Similarity
• API ID: CreateMessageObjectSendStockWindow
• String ID:
• API String ID: 3970641297-0
• Opcode ID: 5892c66200a35b78314f952d10eb9c570734992ad888b41323c858a9b3a38238
• Instruction ID: 8d9d52749477f8748a4ca65186ef63f506c8cfda644cd83fda9774bbc82b1a6e
• Opcode Fuzzy Hash: 5892c66200a35b78314f952d10eb9c570734992ad888b41323c858a9b3a38238
• Instruction Fuzzy Hash: E111A1B2105619BFEF124FA48C45FEA7B6DEF0C355F01012AFA04A2010C732DC60DBA0
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 003E3B56
  • Part of subcall function 003E3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 003E3AD2
  • Part of subcall function 003E3AA3: ___AdjustPointer.LIBCMT ref: 003E3AED
• _UnwindNestedFrames.LIBCMT ref: 003E3B6B
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 003E3B7C
• CallCatchBlock.LIBVCRUNTIME ref: 003E3BA4
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
• Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction ID: b2f3a79aaeca2f14598b57f86f6bb9c1c67318e79eab0440881e998444e6f6c2
• Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction Fuzzy Hash: FE012D32100199BBDF125E96CC46DEB3B69EF48754F054114FE495A161C732E961DBA0
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,003C13C6,00000000,00000000,?,003F301A,003C13C6,00000000,00000000,00000000,?,003F328B,00000006,FlsSetValue), ref: 003F30A5
• GetLastError.KERNEL32(?,003F301A,003C13C6,00000000,00000000,00000000,?,003F328B,00000006,FlsSetValue,00462290,FlsSetValue,00000000,00000364,?,003F2E46), ref: 003F30B1
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,003F301A,003C13C6,00000000,00000000,00000000,?,003F328B,00000006,FlsSetValue,00462290,FlsSetValue,00000000), ref: 003F30BF
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
• Opcode ID: 9f3343ebd4ca18dc9da11040e1f5c92e65e9f08a0c1957cf61b527165540e392
• Instruction ID: 9aed2e87541b852450e600a15a60793d2c6c846916ffb6303d7330245767ed1f
• Opcode Fuzzy Hash: 9f3343ebd4ca18dc9da11040e1f5c92e65e9f08a0c1957cf61b527165540e392
• Instruction Fuzzy Hash: 6601D43274232BAFCB224A799C849777B98AF05BA1B110631FA07E3241DF21D941C6E4
APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0042747F
• LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00427497
• RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 004274AC
• RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 004274CA
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Type$Register$FileLoadModuleNameUser
• String ID:
• API String ID: 1352324309-0
APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0042ACD3,?,00008000), ref: 0042B0C4
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0042ACD3,?,00008000), ref: 0042B0E9
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0042ACD3,?,00008000), ref: 0042B0F3
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0042ACD3,?,00008000), ref: 0042B126
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00422DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00422DD6
• GetCurrentThreadId.KERNEL32 ref: 00422DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00422DE4
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
APIs
  • Part of subcall function 003D9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 003D9693
  • Part of subcall function 003D9639: SelectObject.GDI32(?,00000000), ref: 003D96A2
  • Part of subcall function 003D9639: BeginPath.GDI32(?), ref: 003D96B9
  • Part of subcall function 003D9639: SelectObject.GDI32(?,00000000), ref: 003D96E2
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00458887
• LineTo.GDI32(?,?,?), ref: 00458894
• EndPath.GDI32(?), ref: 004588A4
• StrokePath.GDI32(?), ref: 004588B2
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1539411459-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 394efb4033386f3b310e54d03fe720f87d948a1cf7df6135a808899b8522973b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8a439e896ca3ab2228c1131471ad53b83c0a826536bb7e6d7c62a3202d33c943
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 394efb4033386f3b310e54d03fe720f87d948a1cf7df6135a808899b8522973b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7F05E36041359FADB126F94AC49FCE3F59AF16712F048022FA11651E2CB799511CFED
APIs
• GetSysColor.USER32(00000008), ref: 003D98CC
• SetTextColor.GDI32(?,?), ref: 003D98D6
• SetBkMode.GDI32(?,00000001), ref: 003D98E9
• GetStockObject.GDI32(00000005), ref: 003D98F1
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Color$ModeObjectStockText
• String ID:
• API String ID: 4037423528-0
• Opcode ID: 8afa767fedb314259aefe026eb7aa7908b0f2df96b550f0fab6df5808fddfe92
• Instruction ID: 1b43cb75d5a90eff52992c32b3baa5ded9229e20bf781f46c8ded42ae25342ca
• Opcode Fuzzy Hash: 8afa767fedb314259aefe026eb7aa7908b0f2df96b550f0fab6df5808fddfe92
• Instruction Fuzzy Hash: 85E06531244744AEDB215B74BC49BD93F21AB11336F04822AF6F9541E2C77186509F14
APIs
• GetCurrentThread.KERNEL32 ref: 00421634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,004211D9), ref: 0042163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,004211D9), ref: 00421648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,004211D9), ref: 0042164F
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: CurrentOpenProcessThreadToken
• String ID:
• API String ID: 3974789173-0
• Opcode ID: 36a9bd73dca91d7a1a5411a7b0d22e492fa66eff55acd30b50093a2928186167
• Instruction ID: 5835212ac12b0b29110f82411978e5f2b74ab9d3140beaec7c527b5c6c6a060d
• Opcode Fuzzy Hash: 36a9bd73dca91d7a1a5411a7b0d22e492fa66eff55acd30b50093a2928186167
• Instruction Fuzzy Hash: 37E04F71602321AFD7201BE0AD4DB4B3B68AF64B92F144869F646C9091D6288440C798
APIs
• GetDesktopWindow.USER32 ref: 0041D858
• GetDC.USER32(00000000), ref: 0041D862
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 0041D882
• ReleaseDC.USER32(?), ref: 0041D8A3
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: e87e5a00d9b7732f2b2b217aa9556ee79b4dbe17230aec3a319aed33038e5885
• Instruction ID: 08c3aa20b873e4ed90ce3d40e7978249136a25ecccd32372c01ded3900764091
• Opcode Fuzzy Hash: e87e5a00d9b7732f2b2b217aa9556ee79b4dbe17230aec3a319aed33038e5885
• Instruction Fuzzy Hash: 12E01AB1800304EFCF41AFA0D848A6DBBB6FB08712F108029E80AE7251C7388A42EF44
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 0041D86C
                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 0041D876
                                                                                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0041D882
                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?), ref: 0041D8A3
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: 53eed799574118f77e517d54af7e549fee86deda801589fd330f6559bc67ea57
• Instruction ID: 03176ce7b3d938cf38d2dbd37ed40dd055a1f55f8a80cdace7c9dc6a0e0e0a8a
• Opcode Fuzzy Hash: 53eed799574118f77e517d54af7e549fee86deda801589fd330f6559bc67ea57
• Instruction Fuzzy Hash: E1E09A75800304EFCF519FA0D84866DBBB5FB48712B149459E94AE7251C7389A06DF54
APIs
  • Part of subcall function 003C7620: _wcslen.LIBCMT ref: 003C7625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00434ED4
Strings
Similarity
• API ID: Connection_wcslen
• String ID: *$LPT
• API String ID: 1725874428-3443410124
• Opcode ID: fdfb4cd91d15cac25335e1fe1aee3634ec52cb1266d29d999dc5130b1620c285
• Instruction ID: de6c8da300fb7d2d6214ed78d39b721788cc5438050ff9224f335d58c4287a34
• Opcode Fuzzy Hash: fdfb4cd91d15cac25335e1fe1aee3634ec52cb1266d29d999dc5130b1620c285
• Instruction Fuzzy Hash: 7E9174759002049FCB15DF54C485EAABBF1BF89304F19909EE80A9F362C735EE85CB55
APIs
• __startOneArgErrorHandling.LIBCMT ref: 003EE30D
Strings
Similarity
• API ID: ErrorHandling__start
• String ID: pow
• API String ID: 3213639722-2276729525
• Opcode ID: 474a57aaa40a0ee28fd8cf6ad19c3795027f4c82aebc7f2b42a7aa8511d7c26b
• Instruction ID: 10704d9424b989448f9ef502a39bb04c293503c0225efe6d60c1a826286ccae1
• Opcode Fuzzy Hash: 474a57aaa40a0ee28fd8cf6ad19c3795027f4c82aebc7f2b42a7aa8511d7c26b
• Instruction Fuzzy Hash: 8851CE61A0C60AA6CB177B15CD013BA3BA8EB10740F354E79F1D1873F9EB308C819A47
APIs
• CharUpperBuffW.USER32(0041569E,00000000,?,0045CC08,?,00000000,00000000), ref: 004478DD
  • Part of subcall function 003C6B57: _wcslen.LIBCMT ref: 003C6B6A
• CharUpperBuffW.USER32(0041569E,00000000,?,0045CC08,00000000,?,00000000,00000000), ref: 0044783B
Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: BuffCharUpper$_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: <sH
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3544283678-2921670257
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID:
• String ID: #
• API String ID: 0-1885708031
APIs
• Sleep.KERNEL32(00000000), ref: 003DF2A2
• GlobalMemoryStatusEx.KERNEL32(?), ref: 003DF2BB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
APIs
• CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 004457E0
• _wcslen.LIBCMT ref: 004457EC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: BuffCharUpper_wcslen
• String ID: CALLARGARRAY
• API String ID: 157775604-1150593374
APIs
• _wcslen.LIBCMT ref: 0043D130
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0043D13A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
APIs
• DestroyWindow.USER32(?,?,?,?), ref: 00453621
• MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0045365C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Window$DestroyMove
• String ID: static
• API String ID: 2139405536-2160076837
APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0045461F
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00454634
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0045327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00453287
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
APIs
  • Part of subcall function 003C600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 003C604C
  • Part of subcall function 003C600E: GetStockObject.GDI32(00000011), ref: 003C6060
  • Part of subcall function 003C600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 003C606A
• GetWindowRect.USER32(00000000,?), ref: 0045377A
• GetSysColor.USER32(00000012), ref: 00453794
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                                                                                      • String ID: static
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 69dfd42152fc09f03203176a2f01068d1af4e2b203740af0d4541f696af7f6d7
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1482a58fd6a53dcf5fea3a611b488a941b9b565368f5730d8eec958f83f4c15c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 69dfd42152fc09f03203176a2f01068d1af4e2b203740af0d4541f696af7f6d7
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D1159B2A10209AFDB00DFA8CC46EEA7BB8EB08346F004529FD55E2251E738E8559B50
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0043CD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0043CDA6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
• Opcode ID: 943704515431c7504db129cb391cebe7015f1c1d474d17d977a6f90a4665b86d
• Instruction ID: df5bb320b76d4f404454bdf4239f367f9fcc4fe95cafc9f6f9b311d90d3464bd
• Opcode Fuzzy Hash: 943704515431c7504db129cb391cebe7015f1c1d474d17d977a6f90a4665b86d
• Instruction Fuzzy Hash: 0E11E3712416327AD7244A668CC4EE7BE68EB1A7A4F005237B109A2180D7689841D7F4
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 004534AB
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 004534BA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
• Opcode ID: cb4219a5b12a9450a355589f5b42c85aa35b1b3921483ffcf1c9204e0840c726
• Instruction ID: 6529c1f2de2bf0667fce0eccac18299850d86a519ae84aece224cdde0473b41f
• Opcode Fuzzy Hash: cb4219a5b12a9450a355589f5b42c85aa35b1b3921483ffcf1c9204e0840c726
• Instruction Fuzzy Hash: C511B271100208AFEB114E64DC80ABB376AEB063BAF504725FD61932D1C739DC599B58
APIs
  • Part of subcall function 003C9CB3: _wcslen.LIBCMT ref: 003C9CBD
• CharUpperBuffW.USER32(?,?,?), ref: 00426CB6
• _wcslen.LIBCMT ref: 00426CC2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
• API String ID: 1256254125-2411985666
• Opcode ID: 7c98431da6030b5f490eaafbaf01da66290e1756402f6270eb6be0df29cdd23b
• Instruction ID: 3f5b3bc86af9db9ff285351406241fe5bedddab858ac6c6409423e334a39c687
• Opcode Fuzzy Hash: 7c98431da6030b5f490eaafbaf01da66290e1756402f6270eb6be0df29cdd23b
• Instruction Fuzzy Hash: FC01C83271053A8BCB21AFBEEC809BF77A5EB61714792052AE452D7291EB39D900C754
APIs
  • Part of subcall function 003C9CB3: _wcslen.LIBCMT ref: 003C9CBD
  • Part of subcall function 00423CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00423CCA
• SendMessageW.USER32(?,00000180,00000000,?), ref: 00421C46
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 0471eb5f6e7b1616441638c48eb2d6f80babbc3808ca8ad05ac69aebef577e5f
• Instruction ID: 0d801b5b89318fa8dbc97c60b565d8294cbdb2d13c2bd36f37e5aaaad106fc99
• Opcode Fuzzy Hash: 0471eb5f6e7b1616441638c48eb2d6f80babbc3808ca8ad05ac69aebef577e5f
• Instruction Fuzzy Hash: E801F7767802186ACB05FB91D955FFF77A89B21380F50002FA416B7291EA289F08C7B9
APIs
  • Part of subcall function 003C9CB3: _wcslen.LIBCMT ref: 003C9CBD
  • Part of subcall function 00423CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00423CCA
• SendMessageW.USER32(?,00000182,?,00000000), ref: 00421CC8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 536531baccd2ff583f33a330697bb07375ef0bacc6cfb375009b5d9ea7329032
• Instruction ID: a158590d277a284aa8b93e644f0eed3cdea93b26d50d711088c14f2c1915e2af
• Opcode Fuzzy Hash: 536531baccd2ff583f33a330697bb07375ef0bacc6cfb375009b5d9ea7329032
• Instruction Fuzzy Hash: CC01DB7678022467CB05FB92DA15FFF77A89B21340F54002BB801B7291EA289F18D779
APIs
• __Init_thread_footer.LIBCMT ref: 003DA529
  • Part of subcall function 003C9CB3: _wcslen.LIBCMT ref: 003C9CBD
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Init_thread_footer_wcslen
• String ID: ,%I$3yA
• API String ID: 2551934079-1638462002
• Opcode ID: 7a996e9bc2f90ef67ea5d4853346fdf35e2b55dd43fab1e3b86d98856bbe8ed2
• Instruction ID: 94d67a3979e1c4a218cefeee3bfe650b4003030baf66d6664b5bb94d54dfca31
• Opcode Fuzzy Hash: 7a996e9bc2f90ef67ea5d4853346fdf35e2b55dd43fab1e3b86d98856bbe8ed2
• Instruction Fuzzy Hash: 5401F733600A10ABC907F769FA5BB6D33659B06720F51407BF5116F3C2DE949D41869B
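The entries in this listing are a flat text rendering of per-function records: each "APIs" block names the Win32 calls the function makes (nested "Part of subcall" lines are calls reached through a callee), and the "Similarity" block carries the API ID, the strings referenced, and the opcode and instruction hashes. The numeric arguments the sandbox resolved are the triage-relevant part: in the two entries above, SendMessageW is sent 0x180 and 0x182, which are the winuser.h list-box messages LB_ADDSTRING and LB_DELETESTRING, consistent with the ListBox class name the function checks through GetClassNameW. The following Python is an added worked example, not code from Joe Sandbox or from the analysed sample: it parses records of this shape into structured objects and decodes those constants, plus the dwCreationFlags argument of a CreateProcessW call of the same form. SAMPLE is copied from entries in this listing; the regexes assume the bullet layout shown here and the constant tables are the values from the Windows SDK headers (winuser.h, winbase.h).

```python
"""Parse Joe Sandbox function entries and decode the resolved Win32 constants.
Added example for this listing, not Joe Sandbox or sample code.  SAMPLE is copied
from entries in this listing; the regexes assume the bullet layout shown here and
the constant tables come from the Windows SDK headers (winuser.h, winbase.h)."""
import re
from dataclasses import dataclass, field

LB_MESSAGES = {0x180: "LB_ADDSTRING", 0x181: "LB_INSERTSTRING", 0x182: "LB_DELETESTRING",
               0x184: "LB_RESETCONTENT", 0x186: "LB_SETCURSEL", 0x188: "LB_GETCURSEL"}
CREATION_FLAGS = {0x1: "DEBUG_PROCESS", 0x2: "DEBUG_ONLY_THIS_PROCESS", 0x4: "CREATE_SUSPENDED",
                  0x8: "DETACHED_PROCESS", 0x10: "CREATE_NEW_CONSOLE", 0x20: "NORMAL_PRIORITY_CLASS",
                  0x200: "CREATE_NEW_PROCESS_GROUP", 0x400: "CREATE_UNICODE_ENVIRONMENT",
                  0x08000000: "CREATE_NO_WINDOW"}

# Matches "• SendMessageW.USER32(?,00000180,00000000,?), ref: 00421C46" as well as the
# paren-less "• CloseHandle.KERNEL32 ref: 004581D1" and nested "Part of subcall" lines.
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<parent>[0-9A-F]+): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s+ref:\s+(?P<ref>[0-9A-F]+)\s*$")
FIELD_RE = re.compile(r"^\s*•\s*(?P<key>API ID|String ID|Opcode ID):\s*(?P<val>.*?)\s*$")

@dataclass
class ApiCall:
    name: str
    module: str
    args: list        # raw argument strings; '?' means the sandbox could not resolve it
    ref: str          # call-site address
    parent: str = ""  # non-empty when the call sits inside a subcall

@dataclass
class FunctionEntry:
    calls: list = field(default_factory=list)
    api_id: str = ""
    strings: list = field(default_factory=list)
    opcode_id: str = ""

def parse_entries(text):
    """Split the listing at each 'APIs' header and collect calls and identifiers."""
    entries, cur = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            cur = FunctionEntry()
            entries.append(cur)
        elif cur is None:
            continue
        elif (m := API_RE.match(line)):
            raw = m.group("args")
            cur.calls.append(ApiCall(m["name"], m["module"], raw.split(",") if raw is not None else [],
                                     m["ref"], m["parent"] or ""))
        elif (m := FIELD_RE.match(line)):
            if m["key"] == "API ID":
                cur.api_id = m["val"]
            elif m["key"] == "String ID":
                cur.strings = m["val"].split("$")  # Joe Sandbox joins several strings with '$'
            else:
                cur.opcode_id = m["val"]
    return entries

def _u32(arg):
    """Resolved arguments are 8 hex digits; anything else (e.g. '?') is unresolved."""
    return int(arg, 16) if re.fullmatch(r"[0-9A-Fa-f]{8}", arg) else None

def decode_call(call):
    """Name the SDK constant behind a resolved numeric argument ('' when not applicable)."""
    if call.name == "SendMessageW" and len(call.args) >= 2:
        msg = _u32(call.args[1])
        return "unresolved" if msg is None else LB_MESSAGES.get(msg, f"msg 0x{msg:X}")
    if call.name == "CreateProcessW" and len(call.args) >= 6:
        flags = _u32(call.args[5])  # dwCreationFlags is the sixth parameter
        if flags is None:
            return "unresolved"
        return "|".join(n for bit, n in CREATION_FLAGS.items() if flags & bit) or "0"
    return ""

def triage(text):
    """(API ID, decoded constants of the entry's direct calls) for every entry."""
    return [(e.api_id, [d for c in e.calls if not c.parent and (d := decode_call(c))])
            for e in parse_entries(text)]

SAMPLE = """\
APIs
  • Part of subcall function 003C9CB3: _wcslen.LIBCMT ref: 003C9CBD
  • Part of subcall function 00423CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00423CCA
• SendMessageW.USER32(?,00000180,00000000,?), ref: 00421C46
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• Opcode ID: 0471eb5f6e7b1616441638c48eb2d6f80babbc3808ca8ad05ac69aebef577e5f
APIs
  • Part of subcall function 00423CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00423CCA
• SendMessageW.USER32(?,00000182,?,00000000), ref: 00421CC8
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
APIs
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00493018,0049305C), ref: 004581BF
• CloseHandle.KERNEL32 ref: 004581D1
Similarity
• API ID: CloseCreateHandleProcess
• String ID: \\0I
"""
```

Running `triage(SAMPLE)` yields one tuple per entry: the two ListBox functions decode to LB_ADDSTRING and LB_DELETESTRING, and the CreateProcessW entry decodes its flags word 0x20 to NORMAL_PRIORITY_CLASS (no CREATE_SUSPENDED, no CREATE_NO_WINDOW), which is a plain child-process launch. Arguments shown as '?' are values the sandbox could not recover statically, so a decoder must treat them as unresolved rather than as zero; the call-site addresses (ref) and the opcode ID are what you carry into the disassembler or into a similarity query against other samples.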
APIs
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00493018,0049305C), ref: 004581BF
• CloseHandle.KERNEL32 ref: 004581D1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: CloseCreateHandleProcess
• String ID: \0I
• API String ID: 3712363035-1252114689
• Opcode ID: fa9e05470de9aca1bebd7b6f12eb477abe30fa1e1eebe3d7dfb8bf422da8ca26
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d556adc48edba2b99d843c9ef55fa830dd22d328f19f044a9559ab2d96739073
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fa9e05470de9aca1bebd7b6f12eb477abe30fa1e1eebe3d7dfb8bf422da8ca26
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9DF05EB5640314BEE6206F62AC4AFB73A5CDB16752F004432BF08D91A2D6798E0087FC
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 176396367-3042988571
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d4a3f3c920b84486f4b7eae8d1f8594739ddc39f1ba0e51aeb55f5571db97127
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4679cb515c0640d193f721fdf92011dd1b11cf779ab9b3ed4e84c3eb42f3fa83
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d4a3f3c920b84486f4b7eae8d1f8594739ddc39f1ba0e51aeb55f5571db97127
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E0E02B0220427010A232227B9CC1A7F5789CFCD790720182BF981D63A7EB98CD9393F9
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00420B23
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Message
                                                                                                                                                                                                                                                                                                                                                      • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 20c8db84f30798ad50fae246fc4b80eab08a2fad746b8ea28b59747594f6ecd9
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 43ca8503fd73008437baa1abf5b948a670aa8a5b4db25619610606da19fa45f7
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 20c8db84f30798ad50fae246fc4b80eab08a2fad746b8ea28b59747594f6ecd9
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DAE0D8322443182ED22136957C83F8D7F84CF09F51F20042BFB48995C38AD5685046ED
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 003DF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,003E0D71,?,?,?,003C100A), ref: 003DF7CE
                                                                                                                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,003C100A), ref: 003E0D75
                                                                                                                                                                                                                                                                                                                                                      • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,003C100A), ref: 003E0D84
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 003E0D7F
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                                                                                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: dd211e479948664bbc18873b9404383a7e2c0375c148164ed77ab8112c4f8ba7
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a0fb6a9dc3cddfd039b969afea05758df1c12f218f203d5146c2c5680bbd45ea
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dd211e479948664bbc18873b9404383a7e2c0375c148164ed77ab8112c4f8ba7
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0AE065742003518FD3359FB9D8447467BE0AB00745F004A7EF886C6792D7F4E4888B91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 003DE3D5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: 0%I$8%I
• API String ID: 1385522511-3579212035
• Opcode ID: 6ed697c77b6e3a13baf4f183dd6fb40148d2f5b466d47d933405f788cf69b556
• Instruction ID: 94c56396d44fed9899b52ce0f8a0e3a26603a49fbef7209c05053af538b604ab
• Opcode Fuzzy Hash: 6ed697c77b6e3a13baf4f183dd6fb40148d2f5b466d47d933405f788cf69b556
• Instruction Fuzzy Hash: A3E0263A401920FBCB0BB718FA54AAE3B55AB14330B920277E1028F2D19BF42881868C
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0043302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00433044
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
• Opcode ID: a53dce1fbc71f9db7a56b7ac78c6dc5e4909e5d80cc7e7058f571e41c5c342fa
• Instruction ID: 503f574263efe49e8127b409eccbc27ad864b511d45b728c755a77b52f155efb
• Opcode Fuzzy Hash: a53dce1fbc71f9db7a56b7ac78c6dc5e4909e5d80cc7e7058f571e41c5c342fa
• Instruction Fuzzy Hash: 8BD05B719003146BDA60A7949C8DFCB3A6CD705751F0005A17655D2091DAB4D544CBD4
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0045236C
• PostMessageW.USER32(00000000), ref: 00452373
  • Part of subcall function 0042E97B: Sleep.KERNEL32 ref: 0042E9F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 83d74a21fe0a38d5e1d9c6936590f0b8cf876c15d437c1edc48840b247b51e27
• Instruction ID: 66d226dbca5b2399f74097b4ddab1cdf3cfdac72e8ca31a89be7e56abfa98841
• Opcode Fuzzy Hash: 83d74a21fe0a38d5e1d9c6936590f0b8cf876c15d437c1edc48840b247b51e27
• Instruction Fuzzy Hash: 64D0A972380320BAE2A4B371AC4FFCA66049B00B01F4009277201AA0D1C8A4A8008A4C
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0045232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0045233F
  • Part of subcall function 0042E97B: Sleep.KERNEL32 ref: 0042E9F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162371870.00000000003C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true
• Associated: 00000000.00000002.2162280585.00000000003C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.000000000045C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162485736.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162648790.000000000048C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162765630.0000000000494000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3c0000_fNlxQP0jBz.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 53b794170305df4d5793700bf7cce1e5fe8483d9308ad03348eeab51df513c5d
• Instruction ID: 8e5d5888c6a67985bf07e34cef75196608b5cf00aff9df0a4947e7ae9f865cfc
• Opcode Fuzzy Hash: 53b794170305df4d5793700bf7cce1e5fe8483d9308ad03348eeab51df513c5d
• Instruction Fuzzy Hash: DBD02272380320BBE2A4B371EC5FFCA7A049B00B01F0009277305AA0D1C8F4E800CB4C